Hasta La Gadget!

Yahoo is putting all the blame on its Yahoo! Contributor Network for exposing more than 450,000 credentials on Wednesday this week. According to the Internet giant, its Yahoo! Contributor Network, formerly known as Associated Content, did not require any strong passwords, so it’s considerably easy for hackers to breach the website. Today, Yahoo is announcing that it has already deployed the much needed security measures and enhanced our underlying security controls to prevent further damage. Yahoo acquired Associated Content a few years ago. Hackers responsible for the deed have previously said that the data breach was intended to be a wake-up call for Yahoo. Check out Yahoo’s official statement after the break. (more…)

By Ubergizmo. Related articles: Yahoo confirms security breach on Yahoo! Voice, assures that a fix is underway, Yahoo! Voice reportedly compromised, over 453,000 credentials exposed,

Phandroid has announced that a hacker has recently accessed its user database, making off with usernames, email addresses and hashed passwords—and the problem looks like it could affect all of its one million-plus users. More »

Online account security breaches are seemingly commonplace these days — just ask LinkedIn or Sony — and now we can add Yahoo’s name to the list of hacking victims. The company’s confirmed that it had the usernames and passwords of over 400,000 accounts stolen from its servers earlier this week and the data was briefly posted online. The credentials have since been pulled from the web, but it turns out they weren’t just for Yahoo accounts, as Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, BellSouth and Live.com login info was also pilfered and placed on display. The good news? Those responsible for the breach said that the deed was done to simply show Yahoo the weaknesses in its software security. To wit:

We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in Web servers belonging to Yahoo Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.

In response, Yahoo’s saying that a fix for the vulnerability is in the works, but the investigation is ongoing and its system has yet to be fully secured. In the meantime, the company apologized for the breach and is advising users to change their passwords accordingly. You can read the official party line below.

At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.

Filed under: Internet

Yahoo confirms server breach, over 400k accounts compromised originally appeared on Engadget on Thu, 12 Jul 2012 14:41:00 EDT. Please see our terms for use of feeds.

Permalink   |  TechCrunch, New York Times  | Email this | Comments

Early this morning it was revealed by a group of hackers, and now confirmed by Yahoo, that they’d busted past Yahoo’s security forces and posted the passwords for 400,000 user accounts online. This posting was accompanied by a note that warned Yahoo and similar sites to re-think their security measures. Meanwhile Yahoo has stated that they are investigating the matter and that, of course, they encourage everyone in their network to change their passwords immediately and frequently thereafter to retain privacy for all of their accounts.

The first note to be pushed today was made by the group of hackers responsible for the incident, this note telling Yahoo that they do not mean to cause the organization any harm, but that they wish Yahoo to take action in the form of much higher security measures in the future. This note read thusly:

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in Web servers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly.” – Anon

Not to be mistaken for the hacker collective known as “Anonymous”, this initiative simply did not sign their name anywhere in the document. According to the BBC, Yahoo has sent a message out to them to confirm the situation and their actions in short:

“We are currently investigating the claims of a compromise of Yahoo! user IDs. [We encourage users to] change their passwords on a regular basis.” – Yahoo Spokesperson

This would be a great opportunity for everyone out there reading this post to head to your many varied accounts and change your passwords from something silly like “password123″ to something a bit more challenging like “donot8pickthis9!” That way you’ll be a bit more secure and wont be dumped like the 400k users today were overnight.

Yahoo confirms 400k account hacks is written by Chris Burns & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.

Yahoo! has reportedly suffered a huge user account security breach, with login credentials for in excess of 453,000 users having been released into the wild. Details of which of Yahoo!’s services has been hacked have not been released, though TrustedSec speculates that it is Yahoo Voice based on some of the subdomains included with the leaked list of 453,492 accounts.

The login details were released by a hack collective calling itself D33Ds Company, which claimed to have accessed the usernames and passwords with a union-based SQL injection, Ars Technica reports. Such an attack overloads a poorly-secured server with database commands; “By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information” Ars says.

However, D33Ds Company claims to have mitigated the potential damage of the leak by purposefully withholding more sensitive data. ”We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure” the group wrote. “Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

Yahoo! is yet to comment on the breach, though it’s not the first embarrassing security gaffe at the company. Back in March, the company’s new Axis browser for iOS, PC and Mac was identified as having a potential loophole through which malware could install in the user’s browser.

453,000 Yahoo! accounts reportedly hacked is written by Chris Davies & originally posted on SlashGear.
© 2005 – 2012, SlashGear. All right reserved.