Think Information. Think Security.
 
Hacking collective D33Ds Company has posted login details for more than 453,000 user accounts that it claims to have retrieved in plaintext from an unconfirmed service on Yahoo, putting 453,492 Yahoo user credentials in public view.

Ars Technica is reporting that the hackers used a union-based SQL injection to penetrate a Yahoo subdomain—a technique which, according to Ars, "preys on poorly secured web applications that don't properly scrutinize text entered into search boxes and other user input fields". That process can be used to trick servers into releasing large quantities of sensitive information.

Since then, the TrustedSec blog has reported that the data comes from Yahoo Voice, also known as Associated Content, identified from the string "dbb1.ac.bf1.yahoo.com" contained in the data. That is currently unconfirmed by Yahoo, though, so it may pay to change any Yahoo password you have. [Ars Technica].

Cross-posted from: Gizmodo


