Yahoo confirms theft of 450,000 users' passwords (Update)

Jul 12, 2012 by RAPHAEL SATTER

Some 450,000 Yahoo users' email addresses and passwords have been leaked because of a security breach, the company confirmed Thursday, adding that just a small fraction of the stolen passwords were valid.

The company said in a statement that an "old file" from the Yahoo Contributor Network was compromised Wednesday. Among the stolen emails and passwords were many from Yahoo's own email service along with those of other companies. The Yahoo Contributor Network is a content-sharing platform.

Yahoo said it is fixing the vulnerability that led to the disclosure, changing the passwords of affected Yahoo users, and notifying other companies whose users' accounts may have been compromised.

"We apologize to all affected users," the company statement said.

Technology news websites including CNET, Ars Technica, and Mashable identified the hackers behind the attack as a little-known outfit calling itself the D33D Company. The group was quoted as saying it had stolen the unencrypted passwords using an SQL injection — the name given to a commonly used attack in which hackers use rogue commands to extract data from vulnerable websites.

"We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call," the group was quoted as saying.

Online security experts said Yahoo might have done more to protect the stored passwords, with Ohio-based TrustedSec describing the Internet giant's decision not to encrypt them as "most alarming."

Nevertheless, the haul does not appear as useful to hackers as they might have thought. Yahoo cautioned that only 5 percent of passwords associated with its account holders were valid.

It was not immediately possible to contact the Ukraine-registered website associated with D33D Company. Its contact form was inoperable Thursday, while an email address and a phone number attributed to the site's registrant appeared to be invalid.

Explore further: Apple helps iTunes users delete free U2 album

4.5 /5 (2 votes)
add to favorites email to friend print save as pdf

Related Stories

Hacker claims porn site users compromised

Feb 13, 2012

A hacker claims to have compromised the personal information of more than 350,000 users after breaking into a disused website operated by pornography provider Brazzers.

Spotlight falls on Sony's troubled cybersecurity

Jun 03, 2011

(AP) -- Another massive data breach at Sony has left hackers exulting, customers steaming and security experts questioning why basic fixes haven't been made to the company's stricken cybersecurity program.

Hackers claim new Sony cyberattack

Jun 03, 2011

Hackers have claimed to have compromised more than one million passwords, email addresses and other information from SonyPictures.com in the latest cyberattack on the Japanese electronics giant.

Password breach spreads beyond LinkedIn

Jun 07, 2012

More websites admitted security breaches Thursday after LinkedIn said some of its members' passwords were stolen, and experts warned of email scams targeting users of the social network. ...

Recommended for you

Protecting infrastructure with smarter CPS

4 hours ago

Security of IT networks is continually being improved to protect against malicious hackers. Yet when IT networks interface with infrastructures such as water and electric systems to provide monitoring and control capabilities, ...

Apple helps iTunes users delete free U2 album

17 hours ago

Apple on Monday began helping people boot U2 off their iTunes accounts after a cacophony of complaints about not wanting the automatically downloaded free album by the Irish rock band.

Habitual Facebook users: Suckers for social media scams?

23 hours ago

A new study finds that habitual use of Facebook makes individuals susceptible to social media phishing attacks by criminals, likely because they automatically respond to requests without considering how they are connected ...

YouTube to go offline in India on Android phones

Sep 15, 2014

YouTube users in India will soon be able to save videos from the Google-owned service, making it possible to watch them offline, and the feature will eventually be available globally, the company said Monday.

Facebook vs. loneliness

Sep 15, 2014

Are people becoming lonelier even as they feel more connected online? Hayeon Song, an assistant professor of communication at UWM, explored this topic in recent research.

User comments : 0