Slashdot Mirror

← Back to Stories (view on slashdot.org)

Nearly Half a Million Yahoo Passwords Leaked [Updated]

Posted by timothy on from the drop-in-the-bucket dept.

An anonymous reader writes "Some 450,000 email addresses and associated unencrypted passwords have been dumped online by the hacking collective 'D33Ds Company' following the compromise of a Yahoo subdomain. The attackers said that they managed to access the subdomain by leveraging a union-based SQL injection attack, which made the site return more information that it should have. According to Ars Technica, the dump also includes over 2,700 database table or column names and 298 MySQL variables retrieved during the attack." Update: 07/12 20:03 GMT by T :Reader techfun89 adds this update: "Yahoo has confirmed that the usernames and passwords of more than 400,000 accounts were stolen from their servers earlier this week and that data was briefly posted online. The information has since been removed but it wasn't just credentials for Yahoo, but also Gmail, AOL, Comcast, Hotmail, MSN, SBC Global, BellSouth, Verizon and Live.com as well."

6 of 233 comments (clear)

  1. stinking unions by reasterling · · Score: 5, Funny

    they managed to access the subdomain by leveraging a union-based SQL injection attack.

    So, the republicans are right. Unions are evil. ;)

    --
    "For I desired mercy, and not sacrifice" -- God
  2. Re:Ah, injection attacks.. by ArcherB · · Score: 5, Funny

    People just never seem to wrap your head around the fact that you never use raw user input for anything that a parser will look at, at any point in time!

    Here's probably the funniest discussion thread on injection attacks, ever.

    So, can I trust YOUR link?

    --
    There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
  3. Re:File by HyperQuantum · · Score: 5, Funny

    hunter2

    --
    I am not really here right now.
  4. Re:Plaintext passwords again? by Anonymous Coward · · Score: 5, Funny

    What's wrong with users changing passwords every week?

  5. Re:lastpass by Anonymous Coward · · Score: 4, Funny

    Please, don't be so harsh on SQL Injection victims. It happens all the time, and even to the best developers. Even at Yahoo! Look, between you and me, we at Sony suffered a lot from attacks - allegedly SQLi attacks... but actually, it was something else: you say "guard" against it? We have here the best Javascript developers. Our JS code checks the user input several times, even before it reaches our servers! No, you really don't know what you are talking about.

  6. Re:Plaintext passwords again? by somejeff · · Score: 5, Funny

    What's wrong with users changing passwords every week?

    I agree. I do it. This week it's Yahoo$20120708