5 percent of stolen passwords were valid: Yahoo!

By on
5 percent of stolen passwords were valid: Yahoo!

No word on why passwords weren't encrypted.

Yahoo! has claimed only five percent of the 450,000 passwords stolen from its Voices service yesterday remain valid.

The company is disabling passwords and notifying companies whose domains were used by staff to register for the service.

The credentials were published in clear text in what the company claimed was an "older file".

However, Yahoo! did not respond to questions from SC about whether they were initially encrypted or why they were stored in clear text.

The group dubbed 'd33ds' claimed responsibility for the hack. Security researchers said the credentials were stolen from Yahoo.com subdomain dbb1.ac.bf1.yahoo.com.

Yahoo! said in a statement that it took "security very seriously" and invested "heavily in protective measures".

"We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 450,000 Yahoo! and other company users names and passwords was compromised on July 11," a spokesperson said in a statement to SC.

Content from the Contributor Network was published on Yahoo! Voices among other sites.

"We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised," the company said.

"We apologise to all affected users."

TrustedSec said the breached appeared to be a union-based SQL injection attack to extract the sensitive information from the database. Those attacks could force vulnerable databases to regurgitate large amounts of information by issuing crafted requests.

Users of Yahoo! Voices could validate their exposure to the breach by entering their email addresses into a tool created by Securi's Daniel Cid.

Copyright © SC Magazine, Australia

Tags:

Most Read Articles

You must be a registered member of iTnews to post a comment.
| Register

Poll

How should the costs of Australia's piracy scheme be split?
Rights holders should foot the whole bill
50/50
ISPs should foot the whole bill
Government should chip in a bit
Other
Flash is heading towards its grave, and that's...
Great! Good riddance
Sad! Flash had some good qualities
Irrelevant. I don't care
What's Flash?
View poll archive

Whitepapers from our sponsors

What will the stadium of the future look like?
What will the stadium of the future look like?
New technology adoption is pushing enterprise networks to breaking point
New technology adoption is pushing enterprise networks to breaking point
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
Gartner names IBM a 'Leader' for Disaster Recovery as a Service
The next era of business continuity: Are you ready for an always-on world?
The next era of business continuity: Are you ready for an always-on world?

Log In

Username:
Password:
|  Forgot your password?