More than 450,000 e-mail addresses and passwords stolen from Yahoo Voices
Yahoo has become the latest victim of high-profile data breaches where more than 450,000 e-mail addresses and passwords have been stolen. More worryingly, the information was not stored in an encrypted format and has been published online. Whilst Yahoo is investigating the breach, it is likely to affect users of Yahoo Voices.
Along with the information published by the hacker group, D33Ds Company, the hackers also posted this note:
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”
In a blog post, Yahoo said they believe that less than 5% of the passwords stolen will be valid. The data was obtained by leveraging an SQL injection vulnerability to the affected sub-domain.
Change your password
As a general security precaution, users are advised to change the password associated with their Yahoo accounts. Remember to use different passwords for different services. You can create strong passwords and store them securely using the free online password manager, Passpack.
Update: Yahoo confirms data was hacked
Yahoo has confirmed that 450,000 e-mail addresses and passwords stolen by D33Ds was from Yahoo Contributor Network, previously known as Associated Content. They also issued the following statement:
“We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to all affected users.”
In addition, Yahoo urged its customers to check Yahoo’s Security Center to activate additional account security features.