Hackers calling themselves the D33Ds Company published the list of unencrypted emails and passwords on the Web with a message explaining that they’d been taken from a unnamed Yahoo! service using a SQL injection vulnerability, a technique that can sneak commands into a website’s input fields to trick it into coughing up data from a back-end database. The security firm TrustedSec claims that it’s linked the stolen data with the Yahoo! Voice service.
More than 400,000 Yahoo user names and passwords were stolen and published on the Web, putting other websites at risk as well, after hackers exploited a vulnerability in Yahoo’s computer systems.
Some logins for Google, AOL and Microsoft services were among those compromised. The three companies said they required affected users to reset passwords for sites including Gmail, AOL, Hotmail, MSN and Live.com.
Yahoo spokeswoman Dana Lengkeek said “an older file” had been stolen from Yahoo Contributor Network, an Internet publishing service that Yahoo purchased about two years ago. It helps writers, photographers and videographers to sell their work over the Web.
“We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users’ accounts may have been compromised,” she said.
Are Microsoft, AOL, and Google the next ones to be hacked?
As a precaution, Tech Today recommends that you change or reset your password for your accounts on Yahoo, Google, Microsoft and AOL.
Sources: IBN Live; Forbes; Price N Fees.