5 percent of stolen passwords were valid: Yahoo!

Powered by SC Magazine
 

No word on why passwords weren't encrypted.

Yahoo! has claimed only five percent of the 450,000 passwords stolen from its Voices service yesterday remain valid.

The company is disabling passwords and notifying companies whose domains were used by staff to register for the service.

The credentials were published in clear text in what the company claimed was an "older file".

However, Yahoo! did not respond to questions from SC about whether they were initially encrypted or why they were stored in clear text.

The group dubbed 'd33ds' claimed responsibility for the hack. Security researchers said the credentials were stolen from Yahoo.com subdomain dbb1.ac.bf1.yahoo.com.

Yahoo! said in a statement that it took "security very seriously" and invested "heavily in protective measures".

"We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 450,000 Yahoo! and other company users names and passwords was compromised on July 11," a spokesperson said in a statement to SC.

Content from the Contributor Network was published on Yahoo! Voices among other sites.

"We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised," the company said.

"We apologise to all affected users."

TrustedSec said the breached appeared to be a union-based SQL injection attack to extract the sensitive information from the database. Those attacks could force vulnerable databases to regurgitate large amounts of information by issuing crafted requests.

Users of Yahoo! Voices could validate their exposure to the breach by entering their email addresses into a tool created by Securi's Daniel Cid.

Copyright © SC Magazine, Australia


5 percent of stolen passwords were valid: Yahoo!
 
 
 
Top Stories
Earning the right to innovate
Breaking down the barriers to innovation is a long, but rewarding process, says Bank of Queensland Group CIO, Julie Bale.
 
A call for timely reporting
[Blog post] Businesses need incentives to keep customer data secure.
 
Doubts cast on Queensland's ICT Dashboard
Opposition, former Govt CIO say it can't be trusted.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  26%
 
Application integration concerns
  3%
 
Security and compliance concerns
  29%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  23%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  5%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 837

Vote