Yahoo security breach yields over 400,000 login credentials

Yahoo security breach yields over 400,000 login credentials

PanARMENIAN.Net - Yahoo appears to have been the victim of a security breach that yielded more than 400,000 login credentials stored in plain text, CNET reports.

The hacked data, posted to hacker site D33D Company, contained more than 453,000 login credentials and appears to have originated from the Web pioneer's network. The hackers, which said they used a union-based SQL injection technique to penetrate the Yahoo subdomain, said the data dump was intended to be a "wake-up call."

"We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat," the hackers said in a comment at the bottom of the data. "There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."

The hacked subdomain appears to belong to Yahoo Voices, according to a TrustedSec report. Hackers apparently neglected to remove the host name from the data. That host name - dbb1.ac.bf1.yahoo.com - appears to be associated with the Yahoo Voices platform, which was formerly known as Associated Content.

 Top stories
Zuckerberg talked about the coming virtual reality wave, which his company made a big bet on when it purchased headset maker Oculus Rift.
YouTube, eager to capture cord cutters with original content, is about to debut one show and three movies to the Red subscription service.
"It looks like Google continues to execute on mobile advertising," said Neil Doshi managing director of research at Mizuho Securities.
Some of the executives are departing under pressure and others decided on their own to leave the company, the person said.
Partner news