Published: July 12, 2012
Yahoo! confirmed today an unwanted disclosure of stolen usernames and passwords belonging to 450,000 users of its service Yahoo! Voice, adding that only a small fraction of them are still valid.
The disclosure was made by a hacker group called "D33ds Company" that claimed responsibility for the attack informing that it was performed using a method called "union-based SQL injection." The group stated that it hopes that the security responsibles of the hacked service take this disclosure as a wake-up call and not as a threat.
Since users were registered to the attacked service with their personal email addresses as usernames, which were not necessarily from Yahoo! Mail, the attack could have left accounts from other companies also at risk, specifically in the cases in which users also utilized their exposed passwords for their email accounts from which the addresses were published.
Besides apologizing to all affected users, Yahoo! said it is changing their passwords, fixing the vulnerability that allowed the attack, and notifying companies that had users in the disclosed list.
By ROM Cartridge. Image Courtesy of The Last Paladin via Flickr
