450,000 Yahoo accounts reportedly hacked, published online

Powered by SC Magazine
 

Clear text passwords dumped.

Up to 450,000 Yahoo! Voice account usernames and passwords have been stolen and published online.

The credentials, kept in clear text, were reportedly hacked by a group dubbed 'd33ds' and taken from Yahoo.com subdomain dbb1.ac.bf1.yahoo.com, according to security researcher and red team member Rob Fuller.

TrustedSec said the breached appeared to be a SQL injection attack to extract the sensitive information from the database.

The full text was available on the groups' website, which now appears offline.

 

Credit: TrustedSec

 

The group allegedly behind the attack had earlier taken credit for hacking rival groups and the hacking leader board RankMyHack.

Yahoo7 has referred SC to the United States Yahoo office for contact. The company does not promote Yahoo! Voice locally.

Eset security blogger Anders Nilsson has run an analysis with Pipal to uncover common passwords and domains with the dump.

Predictably, the most common passwords were '123456', 'password' and 'welcome' while domains Yahoo, Gmail and Hotmail appeared most frequently.

There were 1870 .edu domains, 93 .gov and 81 .mil.

The full password analysis is on Pastebin and a mirror of the dump has been posted to MediaFire.

Yahoo has confirmed the hack. More here.

Copyright © SC Magazine, Australia


450,000 Yahoo accounts reportedly hacked, published online
 
 
 
Top Stories
ATO shaves $4m off IT contractor panel
Reform cuts admin burden, introduces KPIs.
 
Turnbull introduces data retention legislation
Still no definition of metadata to be stored.
 
Crime Commission prepares core systems overhaul
Will replace 30 year-old national criminal database.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  27%
 
Sourcing and strategy
  13%
 
IT infrastructure (servers, storage, networking)
  21%
 
End user computing (desktops, mobiles, apps)
  14%
 
Software development
  25%
TOTAL VOTES: 437

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  54%
 
No
  46%
TOTAL VOTES: 210

Vote