
What a bunch of yahoos



Tellos Athenaios
07-12-2012, 15:08
Or as the Register put it: UNION ALL SELECT here, we, go, again FROM passwords (http://www.theregister.co.uk/2012/07/12/yahoo_voice_password_flap/)

In other words: some Yahoo web property got hacked using the tried and true technique of SQL injection... Worse, passwords were stored in plain text; that means over 453K passwords were snaffled and posted to some internet forum. I'm guessing that a fair number of them would also happen to be passwords to Yahoo e-mail accounts and what have you.


A Yahoo! service has apparently succumbed to a simple database attack that leaked 453,000 unencrypted account passwords online.

A huge document containing the lifted SQL structures, software variables, usernames and cleartext passwords was linked to from a web forum. In the file, the hackers described the break-in as "a wake-up call and not a threat".

The data dump included the hostname dbb1.ac.bf1.yahoo.com, which is associated with the blog-like service Yahoo! Voices, TrustedSec reports - although there was some confusion over whether the hacked service was in fact the internet telephone call app Yahoo! Voice.

Linky:
http://arstechnica.com/security/2012/07/yahoo-service-hacked/
http://blog.eset.se/statistics-about-yahoo-leak-of-450-000-plain-text-accounts/

So to summarise it is 2012 and Yahoo apparently treats your accounts like it's still stuck in 1992. Consider moving at the first chance.

For those who don't know what SQL injection is I hope you are not doing *anything* which involves some sort of SQL database much less any which contains some account of mine. :sweatdrop:

drone
07-12-2012, 15:59
So to summarise it is 2012 and Yahoo apparently treats your accounts like it's still stuck in 1992. Consider moving at the first chance.

For those who don't know what SQL injection is I hope you are not doing *anything* which involves some sort of SQL database much less any which contains some account of mine. :sweatdrop:
Plaintext passwords and URL DB queries, well done Yahoo! :2thumbsup:

My favorite stories are the ones where the Googlebot hacks the DB. :yes: