Data of 453,000 people was stolen from Yahoo and published on the Internet
Data from the accounts of one of the Yahoo services from more than 453,000 people were stolen and posted online. The group of hackers responsible said the information was not encrypted, but found it in plain text, and that the attack would be a “wake-up call” for enterprise security.
“We hope the parties responsible for the safety of this subdomain take this as a warning, not as a threat,” the hackers.
The leak was posted on a site belonging to the group D33Ds Company and is said to be able to access the data through a Yahoo subdomain using a SQL injection. The technique is simple and speaks ill of the applications that are vulnerable to it.
To validate his claims, the hackers posted it the 453,000 accounts, more than 2,700 names of database tables or columns, and 298 variables MySQL, who say they have obtained with the attack.
“There have been many Security holes exploited in webservers owned by Yahoo! that have caused much more damage to our publication. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to prevent further damage, “he said.
According TrustedSec blog, the Yahoo Voice service would be affected. The company has not ruled on the issue, but if you have an account of these, it would be advisable to change the password (and also other services if they use the same password in several parts).
Link: Hackers expose credentials 453,000 Allegedly taken from Yahoo service (Ars Technica)Tags: Hacker, Security, SQL injection, Yahoo!