Saturday, April 20, 2013

Yahoo hack steals 400,000 passwords. Is yours on the list? - CSMonitor.com

Yahoo, which has taken its share of hits in the last few years, added another black mark against it today when the theft of more than 400,000 accounts and as many as 450,000, including email addresses and passwords, was discovered.

Skip to next paragraph Recent posts 04.19.13Reddit slammed by massive online attack 04.18.13Google Glass guidelines: No ads, for now. No charging money, for now. 04.12.13Winklevoss twins try to buy up bitcoin market 04.10.13General Motors gives Facebook another try 04.04.13Samsung to open mini-stores in Best Buys Related stories 6 men alleged to be LulzSec hackers

Gmail breach: Eight tips to protect your e-mail account LinkedIn, Last.fm, now Yahoo? Don't ignore news of a password breach. ' + ' ' + '' + '' + ''; } else if (google_ads[0].type == "image") { ad_unit += ' 1) { ad_unit += ' Ads by GoogleTop Ranked MBA From UNCUNC's MBA Online Program ForWorking Executives. Learn More!www.OnlineMBA.unc.edu

The hacked emails and passwords were posted in a large text file.

The theft has been credited to a black-hat hacking crew called D33D, who most likely breached the server for Yahoo Voices, previously known as Associated Content, with an SQL injection hack. Because Yahoo purchased Associated Content in 2010, many non-Yahoo identities have been breached, including some with Google and AOL emails.

RELATED: Eight tips to protect your accounts

According to the Guardian, some names date back to 2006 and may be from an old list.

Seeing one's users hacked is bad news to begin with for any company, but it appears that the passwords stolen from Yahoo were not encrypted. As Information Week noted, this could put Yahoo in position to be prosecuted. Yahoo has claimed publicly that the information was protected. However if it turns out that such data was not encrypted properly, a court may find those claims to be fraudulent. As security researcher Christopher Soghoian tweeted, “Strong chance of FTC deception case re: Yahoo password breach via claim it maintains reasonable electronic safeguards.”

CNET sorted through the hacked passwords to discover sequential numbers were used 2,295 times. Among the most popular passwords in the file were “123456,” “111111,” “password” and  “password” plus numbers.

The hackers told several publications “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call.” By so doing, D33D make a claim for being do-gooders. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."

If you have used Yahoo Voices or Associated Content, Dazzlepod has made the information searchable by account name.

RELATED: Eight tips to protect your accounts

via csmonitor.com

YES!!


Source:http://thepowersthatbeat.blogspot.com/2013/04/yahoo-hack-steals-400000-passwords-is.html

Yahoo hack steals 400,000 passwords. Is yours on the list? - CSMonitor.com Images

Yahoo hack steals 400,000 passwords. Is yours on the list? - CSMonitor ...
(380 x 253 - 19.44 KB - jpeg)

Yahoo hack steals 400,000 passwords. Is yours on the list? - CSMonitor ...
(600 x 400 - 38.02 KB - jpeg)

400,000 American homes have dumped pay-TV so far this year | teknoids
(652 x 489 - 57.62 KB - jpeg)

No comments:

Post a Comment