Yahoo Password Hack: Where To Find A List Of Hacked Email Accounts.
The hacker collective, which calls itself "the D33Ds Company," claims it hacked into the online giant's (NASDAQ: YHOO) database by using a rather pedestrian SQL injection attack -- the kind of hack so boringly easy it's a joke among hackers and geeks due to its utter simplicity. (An SQL injection has been likened to picking at a closed door only to find it was never locked in the first place.)
The company, however, said fewer than 5 percent of the Yahoo accounts posted had valid passwords.
"We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users and notifying the companies whose users' accounts may have been compromised," the company said in an emailed statement, according to the Wall Street Journal.
The unencrypted user names and passwords were pulled from a database that stored them in plain text, without the added security of hashing, a technique that is otherwise common practice for any company that handles sensitive user information.
"The subdomain and vulnerable parameters have not been posted to avoid further damage," the hackers said in a release that accompanied the list, according to Computerworld (http://www.computerworld.com/s/article/9229042/Hackers_publish_over_450_000_emails_and_passwords_allegedly_stolen_from_Yahoo?taxonomyId=84).
The list of emails stretches beyond just the Yahoo.com domain and includes login information for more than 106,000 Gmail accounts and 55,000 Hotmail accounts, among others.
The list of usernames and passwords has since been taken down, but the full list of 453,492 email addresses has been posted in a searchable database here (http://dazzlepod.com/yahoo/). You can also download a full list of usernames and passwords here (http://d33ds.co.nyud.net/archive/yahoo-disclosure.txt).
Aside from exposing Yahoo's flawed security apparatus, the hackers exposed an all too common fact: too many users have dumb, simple passwords. The most common was "123456," followed by "password," according to an analysis by CNET (http://news.cnet.com/8301-1009_3-57470878-83/yahoo-breach-swiped-passwords-by-the-numbers/?tag=mncol;txt).
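The weaknesses described above (an injectable query, passwords kept in plain text, and users choosing "123456" or "password") can each be closed at the point where an account is stored and checked. The sketch below is an added example, not code from Yahoo or from this article; the table layout, function names, sample account and PBKDF2 iteration count are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

# The two most common passwords in the dump, per the article.
COMMON_PASSWORDS = {"123456", "password"}
ITERATIONS = 600_000  # assumed PBKDF2 work factor

def hash_password(password, salt=None):
    """Return (salt, digest); the per-user salt makes equal passwords hash differently."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def register(db, email, password):
    """Store a salted hash, never the password; refuse the passwords named above."""
    if password in COMMON_PASSWORDS:
        return False
    salt, digest = hash_password(password)
    # Placeholders bind user input as data, so it cannot change the SQL statement.
    db.execute("INSERT INTO users VALUES (?, ?, ?)", (email, salt, digest))
    return True

def verify(db, email, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE email = ?", (email,)).fetchone()
    if row is None:
        return False
    _, digest = hash_password(password, row[0])
    return hmac.compare_digest(digest, row[1])  # constant-time comparison

def leaked_rows(db):
    """What a full read of the table would hand over: emails, salts and digests only."""
    return db.execute("SELECT email, salt, pw_hash FROM users").fetchall()

if __name__ == "__main__":
    db = open_db()
    print(register(db, "alice@example.com", "123456"))  # constructed sample account
    print(register(db, "alice@example.com", "correct horse battery staple"))
    print(verify(db, "alice@example.com", "correct horse battery staple"))
    print(leaked_rows(db)[0][0])
```

Hashing does not stop the database from being read; it changes what a read yields, so a weak password behind a hash is still guessable and the rejection list matters as well.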
Publication: International Business Times - US ed.
Date: Jul 12, 2012