Yahoo Passwords of 400,000 Breached

Yahoo! has confirmed a security breach that might have exposed nearly half a million users’ email addresses and passwords.

It has reported the theft of some 400,000 user names and passwords used to access websites including its own, saying that hackers had taken advantage of a security vulnerability in its computer systems.

Security firm Rapid7 said a data file published on the internet contained logins and cleartext passwords for Yahoo! and several other Internet services, including Google’s Gmail, AOL, and Microsoft’s Hotmail, MSN and Live sites.

“It’s way bigger than Yahoo!,” said Rapid7 researcher Marcus Carey. “We can assume that tens of thousands of people on services outside of Yahoo! could be compromised.”

Technology news websites including CNET, Ars Technica and Mashable quoted hackers calling themselves the D33D Company as claiming responsibility for the attack, adding that data posted to the group’s website carried more than 453,000 login credentials from an unidentified Yahoo! subdomain.

The little-known group have been quoted as saying that they had stolen the passwords using SQL injection – the name given to a commonly used attack in which hackers use rogue database commands to extract data from vulnerable websites.

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call,” the group are also quoted as saying.

A Ukraine-registered website associated with D33D Company appeared to be unreachable on Thursday.

An email address and a phone number attributed to the site appeared to be invalid.
