Printer Friendly

Yahoo Password Hack: Where To Find A List Of Hacked Email Accounts.

Hackers responsible for the massive security breach of more than 450,000 Yahoo accounts (http://professional.wsj.com/article/SB10001424052702304373804577522613740363638.html?mg=reno-wsj) published Thursday a (http://dazzlepod.com/yahoo/) complete list of the email addresses and passwords they compromised.

The hacker collective, which calls itself "the D33Ds Company," claims it hacked into the online giant's (NASDAQ: YHOO) database by using a rather pedestrian SQL injection attack -- the kind of hack so boringly easy it's a joke among hackers and geeks due to its utter simplicity. (An SQL injection has been likened to picking at a closed door only to find it was never locked in the first place.)

The company, however, said fewer than 5 percent of the Yahoo accounts posted had valid passwords.

"We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users and notifying the companies whose users' accounts may have been compromised," the company said in an emailed statement, according to the Wall Street Journal.

The unencrypted user names and passwords were pulled from a database that stored them in plain text and without the added security of a hashing technique -- an otherwise common practice for any company that handles sensitive user information.

"The subdomain and vulnerable parameters have not been posted to avoid further damage," the hackers said in a release that accompanied the list, according to (http://www.computerworld.com/s/article/9229042/Hackers_publish_over_450_000_emails_and_passwords_allegedly_stolen_from_Yahoo?taxonomyId=84) Computerworld .

The list of emails stretches just beyond just the Yahoo.com domain and includes login information for more than 106,000 Gmail accounts and 55,000 Hotmail accounts, among others.

The list of usernames and passwords has since been taken down, but the full list of 453,492 email addresses have been posted in a searchable database (http://dazzlepod.com/yahoo/) here . You can also download a full list of usernames and passwords (http://d33ds.co.nyud.net/archive/yahoo-disclosure.txt) here .

Aside from exposing Yahoo's flawed security apparatus, the hackers exposed an all too common fact: too many users have dumb, simple passwords. The most common was "123456," followed by "password," according to an analysis by (http://news.cnet.com/8301-1009_3-57470878-83/yahoo-breach-swiped-passwords-by-the-numbers/?tag=mncol;txt) CNET .
COPYRIGHT 2012 International Business Times
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2012 Gale, Cengage Learning. All rights reserved.

 Reader Opinion

Title:

Comment:



 

Article Details
Printer friendly Cite/link Email Feedback
Publication:International Business Times - US ed.
Date:Jul 12, 2012
Words:383
Previous Article:Friday The 13th: 13 Things To Know About The Unluckiest Of Days.
Next Article:Dwight Howard To The Lakers? Howard Is The New LeBron James.
Topics:

Terms of use | Copyright © 2015 Farlex, Inc. | Feedback | For webmasters