Yahoo said that only less than 5 percent of Voice accounts had still-valid passwords, but the leak of file had revealed e-mail addresses of hundreds of thousands of its users. In an emailed statement, Yahoo further said that it is working to fix the vulnerability that had caused the security breach. The company also assured of changing victim users' passwords and notifying companies with accounts that might have been compromised."We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com,” read the Yahoo statement.
Hackers group D33Ds Company posted a text file with the leaked information online and revealed they applied union-based SQL injection to breach the data. "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat," D33Ds said in a message accompanying the leaked data.
"There have been many security holes exploited in Web servers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."
Meanwhile, The New York Times in its report says that the more than 400,000 usernames and passwords that have leaked included log-in information for mail, Hotmail, Comcast, MSN, Verizon, AOL, SBC Global and Live.com accounts. According to the U.S.-based Security Firm Rapid 7, the information features 106, 000 Gmail account credentials.
"The most alarming part of the entire story was the fact that the passwords were stored entirely unencrypted," the security firm said in its blog.
No comments:
Post a Comment