Home > Uncategorized > Yahoo confirms hacking of 400,000 accounts

Yahoo confirms hacking of 400,000 accounts

Yesterday the hacker group D33ds Company claimed responsibility for attacking a Yahoo service via a union-based SQL injection and exposing 453,492 plain text login credentials. According to zdnet.com today, Yahoo has confirmed this breach.

“At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products,” a Yahoo spokesperson said in a statement. “We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.”

The most important part of this confirmation is that this is an old file and that Yahoo believes only 5 percent of the credentials are valid. Taking this into account, this means an estimated 22,500 users are affected by this breach.

Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s