Yahoo confirms theft of 450,000 users' passwords | Inquirer Technology

Yahoo confirms theft of 450,000 users’ passwords

/ 11:03 PM July 13, 2012

A Yahoo sign stands outside the company's offices in Santa Clara, California. AP FILE PHOTO

LONDON—Some 450,000 Yahoo users’ email addresses and passwords have been leaked because of a security breach, the company confirmed Thursday, adding that just a small fraction of the stolen passwords were valid.

The company said in a statement that an “old file” from the Yahoo Contributor Network was compromised Wednesday. Among the stolen emails and passwords were many from Yahoo’s own email service along with those of other companies. The Yahoo Contributor Network is a content-sharing platform.

Article continues after this advertisement

Yahoo said it is fixing the vulnerability that led to the disclosure, changing the passwords of affected Yahoo users, and notifying other companies whose users’ accounts may have been compromised.

FEATURED STORIES

“We apologize to all affected users,” the company statement said.

Technology news websites including CNET, Ars Technica, and Mashable identified the hackers behind the attack as a little-known outfit calling itself the D33D Company. The group was quoted as saying it had stolen the unencrypted passwords using an SQL injection — the name given to a commonly used attack in which hackers use rogue commands to extract data from vulnerable websites.

Article continues after this advertisement

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call,” the group was quoted as saying.

Article continues after this advertisement

Online security experts said Yahoo might have done more to protect the stored passwords, with Ohio-based TrustedSec describing the Internet giant’s decision not to encrypt them as “most alarming.”

Article continues after this advertisement

Nevertheless, the haul does not appear as useful to hackers as they might have thought. Yahoo cautioned that only 5 percent of passwords associated with its account holders were valid.

It was not immediately possible to contact the Ukraine-registered website associated with D33D Company. Its contact form was inoperable Thursday, while an email address and a phone number attributed to the site’s registrant appeared to be invalid.

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our daily newsletter

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

TOPICS: Password, security, Yahoo
TAGS: Password, security, Yahoo

Your subscription could not be saved. Please try again.
Your subscription has been successful.

Subscribe to our newsletter!

By providing an email address. I agree to the Terms of Use and acknowledge that I have read the Privacy Policy.

© Copyright 1997-2024 INQUIRER.net | All Rights Reserved

This is an information message

We use cookies to enhance your experience. By continuing, you agree to our use of cookies. Learn more here.