Yahoo Voice Hacked, 4,50,000 Passwords Posted Online
Hackers broke into Yahoo's Voice website by SQL Injection attack and posted what appeared to be data from some 4,50,000 accounts.
A blog post on TrustedSec.com said that while there has been no confirmation as of Thursday afternoon, the affected website was named as a subdomain of Yahoo.com.
The most disturbing thing was all passwords were in Plain Text. The affected website was only named as a subdomain of yahoo.com; "yahoo Voice" however digging through and searching for the hostname, the attacker forgot to remove the hostname 'dbb1.ac.bf1.yahoo.com' (and) it appears that the compromised server was likely 'Yahoo! Voice' which was formally known as Associated Content," it said.
TrustedSec said the method for the compromise was apparently an SQL Injection attack to extract the sensitive information from the database.
While TrustedSec provided a link to the site where the supposed compromised data was posted, the site was inaccessible as of 4 p.m. Thursday, Manila time.There has been no official confirmation from Yahoo or any other sources.
Hacker said that “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,”
“There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure.
“Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”
The group also included this quote from Jean Vanier in its closing remarks: “Growth begins when we begin to accept our own weakness.”