5 percent of stolen passwords were valid: Yahoo!

Powered by SC Magazine
 

No word on why passwords weren't encrypted.

Yahoo! has claimed only five percent of the 450,000 passwords stolen from its Voices service yesterday remain valid.

The company is disabling passwords and notifying companies whose domains were used by staff to register for the service.

The credentials were published in clear text in what the company claimed was an "older file".

However, Yahoo! did not respond to questions from SC about whether they were initially encrypted or why they were stored in clear text.

The group dubbed 'd33ds' claimed responsibility for the hack. Security researchers said the credentials were stolen from Yahoo.com subdomain dbb1.ac.bf1.yahoo.com.

Yahoo! said in a statement that it took "security very seriously" and invested "heavily in protective measures".

"We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 450,000 Yahoo! and other company users names and passwords was compromised on July 11," a spokesperson said in a statement to SC.

Content from the Contributor Network was published on Yahoo! Voices among other sites.

"We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised," the company said.

"We apologise to all affected users."

TrustedSec said the breach appeared to be a union-based SQL injection attack used to extract the sensitive information from the database. Those attacks could force vulnerable databases to regurgitate large amounts of information by issuing crafted requests.
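An added illustration, not from the article or from Yahoo!: a constructed Python/SQLite sketch of the two weaknesses reported above. A query built by string concatenation returns stored credentials when handed a UNION-based request value, shown beside a parameterised query and salted password hashing. Table names, sample data and function names are assumptions.

```python
import hashlib
import hmac
import os
import sqlite3

# Constructed request value of the UNION-based kind described above.
CRAFTED = "0 UNION SELECT email, password FROM users"

def build_db():
    """Constructed sample data: a content table and a clear-text credential table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (id INTEGER, title TEXT);
        CREATE TABLE users (email TEXT, password TEXT);
        INSERT INTO articles VALUES (1, 'Gardening tips');
        INSERT INTO users VALUES ('alice@example.com', 'hunter2');
    """)
    return db

def find_article_unsafe(db, article_id):
    # Vulnerable: the request value is concatenated into the SQL text,
    # so a UNION clause in it is parsed and executed as part of the query.
    sql = "SELECT id, title FROM articles WHERE id = " + article_id
    return db.execute(sql).fetchall()

def find_article_safe(db, article_id):
    # Hardened: the value is bound as a parameter and never parsed as SQL.
    sql = "SELECT id, title FROM articles WHERE id = ?"
    return db.execute(sql, (article_id,)).fetchall()

def hash_password(password, salt=None):
    # Store a salted, slow hash instead of the clear-text password.
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt, digest

def verify_password(password, salt, digest):
    # Constant-time comparison of the recomputed hash with the stored one.
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

if __name__ == "__main__":
    db = build_db()
    print("concatenated:", find_article_unsafe(db, CRAFTED))
    print("parameterised:", find_article_safe(db, CRAFTED))
```
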

Users of Yahoo! Voices could check their exposure to the breach by entering their email addresses into a tool created by Sucuri's Daniel Cid.

Copyright © SC Magazine, Australia

