Nearly Half a Million Yahoo Passwords Leaked [Updated]
An anonymous reader writes "Some 450,000 email addresses and associated unencrypted passwords have been dumped online by the hacking collective 'D33Ds Company' following the compromise of a Yahoo subdomain. The attackers said that they managed to access the subdomain by leveraging a union-based SQL injection attack, which made the site return more information than it should have. According to Ars Technica, the dump also includes over 2,700 database table or column names and 298 MySQL variables retrieved during the attack."
Update: 07/12 20:03 GMT by T: Reader techfun89 adds this update: "Yahoo has confirmed that the usernames and passwords of more than 400,000 accounts were stolen from their servers earlier this week and that data was briefly posted online. The information has since been removed but it wasn't just credentials for Yahoo, but also Gmail, AOL, Comcast, Hotmail, MSN, SBC Global, BellSouth, Verizon and Live.com as well."
stinking unions (Score:5, Funny)
So, the Republicans are right. Unions are evil. ;)
Re:Ah, injection attacks.. (Score:5, Funny)
People just never seem to wrap their heads around the fact that you never use raw user input for anything that a parser will look at, at any point in time!
Here's probably the funniest discussion thread on injection attacks [thedailywtf.com], ever.
So, can I trust YOUR link?
Re:File (Score:5, Funny)
hunter2
Re:Plaintext passwords again? (Score:5, Funny)
What's wrong with users changing passwords every week?
Re:lastpass (Score:4, Funny)
Re:Plaintext passwords again? (Score:5, Funny)
What's wrong with users changing passwords every week?
I agree. I do it. This week it's Yahoo$20120708