Yahoo Password Hack: Where To Find A List Of Hacked Email Accounts.
The hacker collective, which calls itself "the D33Ds Company," claims it hacked into the online giant's (NASDAQ NASDAQ
in full National Association of Securities Dealers Automated Quotations
U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on : YHOO YHOO Yahoo! Inc. (NASDAQ symbol) ) database by using a rather pedestrian SQL injection SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not attack -- the kind of hack so boringly easy it's a joke among hackers and geeks due to its utter simplicity. (An SQL injection has been likened to picking at a closed door only to find it was never locked in the first place.)
The company, however, said fewer than 5 percent of the Yahoo accounts posted had valid passwords.
"We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users and notifying the companies whose users' accounts may have been compromised," the company said in an emailed statement, according to according to
1. As stated or indicated by; on the authority of: according to historians.
2. In keeping with: according to instructions.
3. the Wall Street Journal.
The unencrypted user names and passwords were pulled from a database that stored them in plain text and without the added security of a hashing technique -- an otherwise common practice for any company that handles sensitive user information.
"The subdomain and vulnerable parameters have not been posted to avoid further damage," the hackers said in a release that accompanied the list, according to (http://www.computerworld.com/s/article/9229042/Hackers_publish_over_450_000_emails_and_passwords_allegedly_stolen_from_Yahoo?taxonomyId=84) Computerworld .
The list of emails stretches just beyond just the Yahoo.com domain and includes login information for more than 106,000 Gmail accounts and 55,000 Hotmail accounts, among others.
The list of usernames and passwords has since been taken down, but the full list of 453,492 email addresses have been posted in a searchable database Refers to databases on the Web that are searchable by typing in a query. The term is quite redundant because all databases are searchable. In fact, that is one of their major features. (http://dazzlepod.com/yahoo/) here . You can also download a full list of usernames and passwords (http://d33ds.co.nyud.net/archive/yahoo-disclosure.txt) here .
Aside from exposing Yahoo's flawed security apparatus, the hackers exposed an all too common fact: too many users have dumb, simple passwords. The most common was "123456," followed by "password," according to an analysis by (http://news.cnet.com/8301-1009_3-57470878-83/yahoo-breach-swiped-passwords-by-the-numbers/?tag=mncol;txt) CNET .