450,000 Yahoo accounts reportedly hacked, published online

By

Clear text passwords dumped.

Up to 450,000 Yahoo! Voice account usernames and passwords have been stolen and published online.

450,000 Yahoo accounts reportedly hacked, published online

The credentials, kept in clear text, were reportedly hacked by a group dubbed 'd33ds' and taken from Yahoo.com subdomain dbb1.ac.bf1.yahoo.com, according to security researcher and red team member Rob Fuller.

TrustedSec said the breached appeared to be a SQL injection attack to extract the sensitive information from the database.

The full text was available on the groups' website, which now appears offline.

 

Credit: TrustedSec

 

The group allegedly behind the attack had earlier taken credit for hacking rival groups and the hacking leader board RankMyHack.

Yahoo7 has referred SC to the United States Yahoo office for contact. The company does not promote Yahoo! Voice locally.

Eset security blogger Anders Nilsson has run an analysis with Pipal to uncover common passwords and domains with the dump.

Predictably, the most common passwords were '123456', 'password' and 'welcome' while domains Yahoo, Gmail and Hotmail appeared most frequently.

There were 1870 .edu domains, 93 .gov and 81 .mil.

The full password analysis is on Pastebin and a mirror of the dump has been posted to MediaFire.

Yahoo has confirmed the hack. More here.

Got a news tip for our journalists? Share it with us anonymously here.

Copyright © SC Magazine, Australia

Tags:
hackingpasswordssecurityyahoo

Sponsored Whitepapers

Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
Futureproof Your Business with Datacom and AMD: Seamless Windows 11 Transition
See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra

Events

Most Read Articles

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'
Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?