400,000 Yahoo passwords leaked

By Ken Presti, on Jul 13, 2012 8:01 AM
Filed under Security

All users potentially affected.

Yahoo is investigating the theft of more than 400,000 plaintext passwords that were posted on the internet Wednesday night.

While most of the passwords seem to have been taken from the Yahoo voice services, various industry sources are recommending that everyone with a Yahoo account immediately change their passwords.

“In addition to changing their Yahoo passwords, people should change the passwords on any accounts for other sites or applications where they reused the same password, and this time they should not be using the same thing!” said Marcus Carey, security researcher at Rapid7.

“In this particular case Gmail, AOL, Hotmail, Comcast, MSN, SBC Global and Verizon users had their data breached as well, because they could sign up with any email address. The users of these other services could also be compromised because of password reuse.”

The breach has been attributed to a group called the D33DS Company. The hackers are believed to have used a union-based SQL injection to collect the data.

The password dump was designed to make a public point about Yahoo’s security and the state of information security in general.

“Basic SQL injection techniques were used to exploit vulnerabilities identified by the hackers,” said Sean Roth, database security product marketing manager at McAfee.

“It’s increasingly important to have visibility into the number, location and types of databases in the landscape in order to accurately assess your level of vulnerability and successfully address those threats, whether those threats come from the inside or from the outside.”

Yahoo has acknowledged the breach and is urging users to change their passwords.

The news comes on the heels of a series of similar password breaches at LinkedIn and eHarmony, among others.

This article originally appeared at crn.com

 

Copyright © 2014 The Channel Company, LLC. All rights reserved.
