Yahoo Voices Hacked:Change your passwords ASAP.
 |
| Hacked! |
More than 450,000 usernames and unencrypted passwords appear to have been stolen from Yahoo
Voice, a user-contribution services on Yahoo's network, and posted online.
Similar attacks have been reported separately against other online services, including
Android Forums
Android Forums
, where users are being encouraged to change their passwords immediately, and to
check whether they used the same password on other services.
It is not known whether the attacks are linked. Both Formspring and Android Forums encrypted the
passwords that they stored, although that is not a guarantee that they cannot be cracked.
However the Yahoo attack is potentially the most serious. Yahoo bought Associated Content for $100m
(£64.5m) in May 2010, and then set it up as Yahoo Voices, allowing user-generated content to be posted
online.
Yahoo claims to have more than 600,000 contributors – which would include many of the data dump if
it is verified. The Guardian could not verify whether any of the accounts were still active.
That potentially puts far more at risk than just the Yahoo Voices accounts if they are still active.
Writing at the Trusted Security site, David Kennedy noted that: "The passwords [were linked to] a wide
variety of email addresses including those from yahoo.com, gmail.com, [and] aol.com," and that they
seem to have been extracted using an SQL injection attack – an increasingly common form of hacking
attack in which flaws in the database and web software are exploited to get administrator-level access to
the contents and structure of a database.
No comments:
Post a Comment