453 000 Yahoo accounts hacked and leaked online
A Yahoo! service has apparently succumbed to a simple database attack that leaked 453,000 unencrypted account passwords online. A huge document containing the lifted SQL structures, software variables, usernames and cleartext passwords was linked to from a web forum. In the file, the hackers described the break-in as “a wake-up call and not a threat”. The data dump included the hostname dbb1.ac.bf1.yahoo.com, which is associated with the blog-like service Yahoo! Voices, TrustedSec reports - although there was some confusion over whether the hacked service was in fact the internet telephone call app Yahoo! Voice.
The compromise was all too typical: a union-based SQL injection attack that tricked the website into handing over more information than it really should, Ars Technica reports. A hacking crew called the D33Ds Company claimed responsibility for the assault. Security firm Eset has carried out a preliminary statistical analysis of the leaked credentials. A disappointing – but not surprising – number of the exposed passwords included, er, “password”, “welcome”, “Jesus” and “ninja”. It’s unclear why Yahoo! Voices was storing unencrypted passwords in its backend database – unsalted one-way encrypted hashes would have been bad enough.
Source: Register
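
The storage point in the article, as an added example that is not from the Register piece or from Yahoo!: it stores the same constructed accounts as unsalted SHA-256 and as salted scrypt records, then audits each table for rows that share a stored value. The account names, the record format `salt$digest` and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample accounts (not taken from the leak); the passwords are
# ones the article lists as common.
ACCOUNTS = {"alice": "password", "bob": "welcome", "carol": "password", "dave": "ninja"}

# scrypt cost parameters (assumed values; tune for your hardware)
SCRYPT = dict(n=2**14, r=8, p=1, dklen=32)

def unsalted_sha256(password: str) -> str:
    """Weak scheme: fast hash, no salt, so equal passwords give equal hashes."""
    return hashlib.sha256(password.encode()).hexdigest()

def hash_password(password: str) -> str:
    """Salted scrypt record 'salt_hex$digest_hex' with a fresh random salt."""
    salt = os.urandom(16)
    digest = hashlib.scrypt(password.encode(), salt=salt, **SCRYPT)
    return f"{salt.hex()}${digest.hex()}"

def verify_password(password: str, record: str) -> bool:
    """Recompute scrypt with the stored salt and compare in constant time."""
    salt_hex, digest_hex = record.split("$")
    candidate = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex), **SCRYPT)
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))

def shared_value_groups(table: dict) -> list:
    """Audit check: groups of users whose stored password values are identical."""
    groups = {}
    for user, stored in table.items():
        groups.setdefault(stored, []).append(user)
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

def build_tables():
    """Store the sample accounts under both schemes."""
    unsalted = {u: unsalted_sha256(p) for u, p in ACCOUNTS.items()}
    salted = {u: hash_password(p) for u, p in ACCOUNTS.items()}
    return unsalted, salted

if __name__ == "__main__":
    unsalted, salted = build_tables()
    # Unsalted: anyone holding the dump sees which accounts reuse a password.
    print("unsalted collisions:", shared_value_groups(unsalted))
    # Salted: every record is unique, yet login verification still works.
    print("salted collisions:  ", shared_value_groups(salted))
    print("alice login ok:     ", verify_password("password", salted["alice"]))
```
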

Comments(11)
Using Yahoo or Hotmail nowadays is just a dumb thing to do anyway. They both suck as an email client, and gaining access to someone’s account can be done in a few minutes. I guess the 2 of them just rely on the naive and gullible to get people to sign up with them. And who wants to go to their email to see all that garbage advertising in their email account? That is just insane. I guess those people don’t get enough of internet advertising. They are the ones who will talk through a show and watch the commercials.
I was an old user of Yahoo, and for a long time I have been using Gmail for all my work.
Niraj
http://palzmasti.org/forum.php
If you actually read the news, you would know that these are not Yahoo mail accounts. “A Yahoo! service” are the first 3 words in the post, and later on the author writes this: “…which is associated with the blog-like service Yahoo! Voices”.
I heard that Formspring had some problems too. Over 400k unsalted password hashes.
Companies should be fined heavily whenever they’re caught storing plain-text passwords. There are God knows how many libraries to use, and there is no excuse for not doing so.
lol @ all the dumb spammers posting links to nothing.
There aren’t enough facepalms in the world to express how stupid they are.