Printed from http://www.electronista.com

Yahoo Voices server hacked, 400,000 passwords leaked

updated 01:56 am EDT, Thu July 12, 2012

No official statement by Yahoo on intrusion

Over 400,000 password and email combinations from a server belonging to Yahoo Voices, the rebranded Associated Content, have been posted online in an apparent breach of security, according to security analyst Trusted Sec. The passwords are tied to the email addresses that identify each user, which come not just from Yahoo but also from Gmail, AOL, and more. The crowd-sourced question and answer service Associated Content was purchased by Yahoo in May 2010 and fully integrated into the Yahoo suite of products in December 2011.

The (large) text file was stored on the d33ds.co web server, but was not available at the time of this writing; it has likely been pulled, as the root domain is still reachable. The hackers responsible for the breach left a comment on the data dump, addressing Yahoo for lax security: "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."

Electronista has contacted Yahoo for comment and will update this story further if warranted. [via Trusted Sec]



By Electronista Staff

Comments

  1. taptapas

    Fresh-Faced Recruit

    Joined: 07-11-12

    Security 101 - don't store clear text passwords, hash them with a key and compare hashes. At least then if data is stolen the passwords remain safe. Over the past year or so we've seen many big companies lose data with clear passwords. I'd go as far as saying it should be mandated in law that companies storing third party passwords have to do this. Believing your data won't be compromised is the wrong approach, so design your systems to limit the damage if it is!

  1. lkrupp

    Junior Member

    Joined: 05-13-01

    Mandating security procedures won't work. The only way to get a company's attention is to hit them in the pocketbook. Make them civilly and possibly criminally liable for their customers' privacy and data loss. A few large judgements and suddenly those servers will be impenetrable. The bean counters will see to that right away.

  1. glork

    Fresh-Faced Recruit

    Joined: 07-12-12

    Searchable list of the emails / usernames is here:

    http://dazzlepod.com/yahoo/

  1. Marilisa

    Fresh-Faced Recruit

    Joined: 07-12-12

    Yikes! This is the first I've heard. Any way to find out if I was affected? Thanks for good reporting. Marilisa
