Printer Friendly
The Free Library
23,416,916 articles and books


Yahoo Password Hack: Where To Find A List Of Hacked Email Accounts.

Hackers responsible for the massive security breach of more than 450,000 Yahoo accounts (http://professional.wsj.com/article/SB10001424052702304373804577522613740363638.html?mg=reno-wsj) published Thursday a (http://dazzlepod.com/yahoo/) complete list of the email addresses and passwords they compromised.

The hacker collective, which calls itself "the D33Ds Company," claims it hacked into the online giant's (NASDAQ NASDAQ
 in full National Association of Securities Dealers Automated Quotations

U.S. market for over-the-counter securities. Established in 1971 by the National Association of Securities Dealers (NASD), NASDAQ is an automated quotation system that reports on
: YHOO YHOO Yahoo! Inc. (NASDAQ symbol) ) database by using a rather pedestrian SQL injection SQL injection is a technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not  attack -- the kind of hack so boringly easy it's a joke among hackers and geeks due to its utter simplicity. (An SQL injection has been likened to picking at a closed door only to find it was never locked in the first place.)

The company, however, said fewer than 5 percent of the Yahoo accounts posted had valid passwords.

"We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users and notifying the companies whose users' accounts may have been compromised," the company said in an emailed statement, according to according to
prep.
1. As stated or indicated by; on the authority of: according to historians.

2. In keeping with: according to instructions.

3.
 the Wall Street Journal.

The unencrypted user names and passwords were pulled from a database that stored them in plain text and without the added security of a hashing technique -- an otherwise common practice for any company that handles sensitive user information.

"The subdomain and vulnerable parameters have not been posted to avoid further damage," the hackers said in a release that accompanied the list, according to (http://www.computerworld.com/s/article/9229042/Hackers_publish_over_450_000_emails_and_passwords_allegedly_stolen_from_Yahoo?taxonomyId=84) Computerworld .

The list of emails stretches just beyond just the Yahoo.com domain and includes login information for more than 106,000 Gmail accounts and 55,000 Hotmail accounts, among others.

The list of usernames and passwords has since been taken down, but the full list of 453,492 email addresses have been posted in a searchable database Refers to databases on the Web that are searchable by typing in a query. The term is quite redundant because all databases are searchable. In fact, that is one of their major features.  (http://dazzlepod.com/yahoo/) here . You can also download a full list of usernames and passwords (http://d33ds.co.nyud.net/archive/yahoo-disclosure.txt) here .

Aside from exposing Yahoo's flawed security apparatus, the hackers exposed an all too common fact: too many users have dumb, simple passwords. The most common was "123456," followed by "password," according to an analysis by (http://news.cnet.com/8301-1009_3-57470878-83/yahoo-breach-swiped-passwords-by-the-numbers/?tag=mncol;txt) CNET .
COPYRIGHT 2012 International Business Times
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 2012 Gale, Cengage Learning. All rights reserved.

 Reader Opinion

Title:

Comment:



 

Article Details
Printer friendly Cite/link Email Feedback
Publication:International Business Times - US ed.
Date:Jul 12, 2012
Words:383
Previous Article:Friday The 13th: 13 Things To Know About The Unluckiest Of Days.
Next Article:Dwight Howard To The Lakers? Howard Is The New LeBron James.
Topics:

Terms of use | Copyright © 2014 Farlex, Inc. | Feedback | For webmasters