When social media giant LinkedIn had their customers’ passwords compromised several weeks ago, many people woke up and realized the severity of cyber threats. The latest major breach of cyber security happened recently at Yahoo where hundreds of thousands of passwords were leaked on the internet. Information Week reports on the cyber attack and what it means for Yahoo customers:
Yahoo Voice users: Change your Yahoo password immediately.
A hacker or hacking group that bills itself as “DD3Ds Company” Thursday leaked what it said were plaintext passwords for 453,492 Yahoo accounts, as well as over 2,700 database table or column names, and 298 MySQL variables. DD3Ds said it obtained the data by executing a SQL injection attack against an unnamed Yahoo subdomain, which security experts have identified as being Yahoo Voice.
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” read a note included in the password dump. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”
A Yahoo spokesman said that the company is currently investigating the alleged password leak. “We are currently investigating the claims of a compromise of Yahoo! user IDs. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com,” he said. “At Yahoo we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products.”
