infoTECH Feature

July 16, 2012

Yahoo E-mails and Passwords Compromised, Hackers Alert Yahoo

"The D33Ds Company," a group of hackers who hacked into Yahoo accounts and passwords, exposed an SQL injection vulnerability that existed on a subdomain – a 'wake- up call' for the company to strengthen its security.

The hacking exposed sensitive MySQL information and a list of more than 450,000 e-mails and passwords that had been retrieved in plain text. The compromised information is supposed to have come from Yahoo Voices, once known as a self-publishing service called Associate Content.

Poorly secured Web applications that don't properly scrutinize text entered into search boxes and other user input fields appeared to be the chief culprit. By using powerful database commands, attackers can trick backend servers into dumping huge amounts of sensitive information.

Commenting on the event, the hackers noted that there have been many security holes exploited in Web servers belonging to Yahoo that have caused far greater damage than the actual disclosure of the vulnerability. They urged Yahoo to take action to plug in the loopholes that existed in the subdomain.

Yahoo, while acknowledging the compromise on July 11, 2012 through an e-mail, apologized to all affected users and stated that they were taking immediate action by fixing the vulnerability that led to the disclosure of this data.

The company claimed that the stolen data was contained in an "older file," and only about 5 percent of the exposed credentials were still valid on the company’s server. It also stated that it had changed the passwords of the affected Yahoo users and notified the companies whose users accounts may have been compromised.

Caroline MacLeod-Smith, the head of consumer PR at Yahoo, urged users to change passwords on a regular basis and follow the safety tips provided by the company at

Ander Nilsson, chief technology officer at Eurosecure, did an analysis of the data and found out that other e-mail addresses (, and were also exposed. The data also revealed that users tend to use passwords such as “Password” or “123456” that could be hacked into very easily, highlighting the imperative need to educate users into using strong password.

This breach is yet another reminder of how important it is to be a bit more cryptic in how you secure yourself online.

Want to learn more about the latest in communications and technology? Then be sure to attend
ITEXPO West 2012, taking place Oct. 2-5, in Austin, TX. ITEXPO (News - Alert) offers an educational program to help corporate decision makers select the right IP-based voice, video, fax and unified communications solutions to improve their operations. It's also where service providers learn how to profitably roll out the services their subscribers are clamoring for – and where resellers can learn about new growth opportunities. For more information on registering for ITEXPO click here.

Stay in touch with everything happening at ITEXPO. Follow us on Twitter.

Edited by Braden Becker

Subscribe to InfoTECH Spotlight eNews

InfoTECH Spotlight eNews delivers the latest news impacting technology in the IT industry each week. Sign up to receive FREE breaking news today!
FREE eNewsletter

infoTECH Whitepapers