Hackers publish details of 450,000 Yahoo! service users online

12 Jul 2012

Users of Yahoo! Voices may want to change their passwords, seeing how the service’s security may have been compromised early this morning.

Hacker collective ‘D33Ds Company’ has posted a list titled ‘Owned and Exposed’ online, revealing several details for the service, including all of the email addresses and passwords for Yahoo! Voices’ 450,000 users, reports have said.

“The most alarming part to the entire story was the fact that the passwords were stored completely unencrypted and the full 400,000+ usernames and passwords are now public,” information security firm Trusted Sec said in a post on its website.

“The method for the compromise was apparently a SQL injection attack to extract the sensitive information from the database.”

D33Ds Company said at the end of its post that it posted the users’ details as a “wake-up call” rather than a threat.

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the post read. “There have been many security holes exploited in web servers belonging to Yahoo! Inc that have caused far greater damage than our disclosure.

“Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

Yahoo! Voices is an online portal that contains videos, articles and slideshows on just about any topic, published by Yahoo! users.

Tina Costanza was a journalist and sub-editor at Silicon Republic