Nearly Half a Million Yahoo Passwords Leaked [Updated]

Nearly Half a Million Yahoo Passwords Leaked [Updated] 233

Posted by timothy on Thursday July 12, 2012 @08:46AM from the drop-in-the-bucket dept.

An anonymous reader writes "Some 450,000 email addresses and associated unencrypted passwords have been dumped online by the hacking collective 'D33Ds Company' following the compromise of a Yahoo subdomain. The attackers said that they managed to access the subdomain by leveraging a union-based SQL injection attack, which made the site return more information that it should have. According to Ars Technica, the dump also includes over 2,700 database table or column names and 298 MySQL variables retrieved during the attack." Update: 07/12 20:03 GMT by T :Reader techfun89 adds this update: "Yahoo has confirmed that the usernames and passwords of more than 400,000 accounts were stolen from their servers earlier this week and that data was briefly posted online. The information has since been removed but it wasn't just credentials for Yahoo, but also Gmail, AOL, Comcast, Hotmail, MSN, SBC Global, BellSouth, Verizon and Live.com as well."

Nearly Half a Million Yahoo Passwords Leaked [Updated]

This discussion has been archived. No new comments can be posted.

Search 233 Comments Log In/Create an Account

Comments Filter:

stinking unions (Score:5, Funny)

by reasterling ( 1942300 ) writes: on Thursday July 12, 2012 @08:58AM (#40627075) Homepage

they managed to access the subdomain by leveraging a union-based SQL injection attack.
So, the republicans are right. Unions are evil. ;)

Re:Ah, injection attacks.. (Score:5, Funny)

by ArcherB ( 796902 ) writes: on Thursday July 12, 2012 @08:59AM (#40627085) Journal

People just never seem to wrap your head around the fact that you never use raw user input for anything that a parser will look at, at any point in time!
Here's probably the funniest discussion thread on injection attacks [thedailywtf.com], ever.
So, can I trust YOUR link?

Re:File (Score:5, Funny)

by HyperQuantum ( 1032422 ) writes: on Thursday July 12, 2012 @09:29AM (#40627335) Homepage

hunter2

Re:Plaintext passwords again? (Score:5, Funny)

by Anonymous Coward writes: on Thursday July 12, 2012 @09:53AM (#40627527)

What's wrong with users changing passwords every week?

Re:lastpass (Score:4, Funny)

by Anonymous Coward writes: on Thursday July 12, 2012 @10:08AM (#40627633)

Please, don't be so harsh on SQL Injection victims. It happens all the time, and even to the best developers. Even at Yahoo! Look, between you and me, we at Sony suffered a lot from attacks - allegedly SQLi attacks... but actually, it was something else: you say "guard" against it? We have here the best Javascript developers. Our JS code checks the user input several times, even before it reaches our servers! No, you really don't know what you are talking about.

Re:Plaintext passwords again? (Score:5, Funny)

by somejeff ( 825047 ) writes: on Thursday July 12, 2012 @10:45AM (#40627953) Journal

What's wrong with users changing passwords every week?
I agree. I do it. This week it's Yahoo$20120708

There may be more comments in this discussion. Without JavaScript enabled, you might want to turn on Classic Discussion System in your preferences instead.

Nearly Half a Million Yahoo Passwords Leaked [Updated] 233

Nearly Half a Million Yahoo Passwords Leaked [Updated] More Login

Nearly Half a Million Yahoo Passwords Leaked [Updated]

stinking unions (Score:5, Funny)

Re:Ah, injection attacks.. (Score:5, Funny)

Re:File (Score:5, Funny)

Re:Plaintext passwords again? (Score:5, Funny)

Re:lastpass (Score:4, Funny)

Re:Plaintext passwords again? (Score:5, Funny)

Related Links Top of the: day, week, month.

Slashdot Top Deals

Slashdot