Yahoo’s head of U.K. consumer public relations, Caroline MacLeod-Smith, said Thursday that the company is investigating a potential security breach affecting the email addresses and passwords of 450,000 Yahoo users. In addition, The New York Times reported that this shocking security breach affected a number of users with accounts at Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, Bellsouth and Live.com.

The group responsible for the hack, known as D33Ds Company, said that it penetrated a Yahoo subdomain with union-based SQL injection, a technique that targets poorly secured web applications. The trick used by hackers is to get the application to dump huge amounts of sensitive information from its back-end servers. To support their claim of Yahoo’s vulnerability, they even posted what they said were the plaintext credentials for exactly 453,492 Yahoo accounts, along with more than 2,700 database table or column names and 298 MySQL variables that they had obtained.

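
Why a union-based injection works, and why a bound parameter stops it, shown as an added example that is not from the original article or from Yahoo. It uses Python's built-in sqlite3 as a stand-in for MySQL; the tables, column names, function names and sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    # Constructed sample data; table and column names are hypothetical.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (title TEXT, author TEXT);
        CREATE TABLE users (email TEXT, password TEXT);
        INSERT INTO articles VALUES ('Welcome', 'editor');
        INSERT INTO users VALUES ('alice@example.com', 'plaintext-pw-1');
        INSERT INTO users VALUES ('bob@example.com', 'plaintext-pw-2');
    """)
    return db

def search_vulnerable(db, author):
    # The input is spliced into the SQL text, so a quote character in it
    # can end the string literal and change the structure of the query.
    sql = "SELECT title, author FROM articles WHERE author = '" + author + "'"
    return db.execute(sql).fetchall()

def search_parameterized(db, author):
    # The input is bound as a value; the query structure is fixed beforehand,
    # so the same input is only ever compared against the author column.
    sql = "SELECT title, author FROM articles WHERE author = ?"
    return db.execute(sql, (author,)).fetchall()

# Constructed input with the shape of a union-based injection: it closes the
# string literal and appends a second SELECT with the same number of columns.
UNION_INPUT = "x' UNION SELECT email, password FROM users --"

if __name__ == "__main__":
    db = make_db()
    print("normal lookup:     ", search_vulnerable(db, "editor"))
    print("concatenated query:", search_vulnerable(db, UNION_INPUT))
    print("bound parameter:   ", search_parameterized(db, UNION_INPUT))
```

With the concatenated query, the rows that come back are the contents of the `users` table rather than articles; with the bound parameter, the same input matches no author and nothing is returned.
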
They even left a note at the end of the dump.

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

Yahoo confirmed this shocking password theft. “We are fixing the vulnerability that led to the disclosure of this data, changing passwords of the affected Yahoo! users and notifying the companies whose users’ accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.”