Hackers claim to have stolen 400,000 Yahoo passwords

Has the search giant become the latest high-profile name to be targeted by hackers?

Yahoo logo

Search giant Yahoo may have become the latest high-profile internet site to suffer a password leak after 453,491 of its users' login details were apparently posted online.

The username and passwords are said to belong to members of the Yahoo Voices content sharing network and were posted on the website of well-known hacking group D33Ds.

We hope that the parties responsible for managing the security of this sub-domain will take this as a wake-up call.

In an accompanying post, the hacking group said the attack should prompt Yahoo into tightening its security.

"We hope that the parties responsible for managing the security of this sub-domain will take this as a wake-up call, and not as a threat," said the group.

The breach follows on from last month's spate of password hacks, which blighted networking sites like LinkedIn, eHarmony and LastFM.

In another blog post by US security firm TrustedSec, it was claimed the information may have been obtained through an SQL injection attack.

"The most alarming part to the entire story was the fact that the passwords were stored completely unencrypted and the full 400,000+ usernames and passwords are now public," said the post.

"The passwords contained a wide variety of email addresses including those from yahoo.com, gmail.com, aol.com, and much more," it added.

At the time of writing, IT Pro was awaiting a response from Yahoo.

However, according to a report on the BBC News site, Yahoo said it was investigating the breach.

Anna Brading, a contributor to Sophos' Naked Security blog, said, even though D33Ds say they have no plans to use the data, it is accessible to anyone online.

"The only silver lining on the cloud is that the website hosting the passwords is temperamental, and people are experiencing difficulties accessing the information," said Brading.

"But maybe the access problems are being caused by so many people trying to access the stolen passwords at once? "

Featured Resources

Become a digital service provider

How to transform your business from network core to edge

Download now

Optimal business results with the cloud

Evaluating the best approaches to hybrid cloud adoption

Download now

Virtualisation that enables choices, not compromises

Harness the virtualisation technology that's right for your hybrid infrastructure

Download now

Email security threat report 2020

Four key trends from spear fishing to credentials theft

Download now

Recommended

How LogPoint uses MITRE ATT&CK
Whitepaper

How LogPoint uses MITRE ATT&CK

15 Jan 2021
Hackers using COVID vaccine as a lure to spread malware
hacking

Hackers using COVID vaccine as a lure to spread malware

15 Jan 2021
Cyber criminals bypassing MFA to access cloud service accounts
two-factor authentication (2FA)

Cyber criminals bypassing MFA to access cloud service accounts

14 Jan 2021
Weekly threat roundup: Microsoft Defender, Adobe, Mimecast
vulnerability

Weekly threat roundup: Microsoft Defender, Adobe, Mimecast

14 Jan 2021

Most Popular

How to recover deleted emails in Gmail
email delivery

How to recover deleted emails in Gmail

6 Jan 2021
The fate of Parler exposes the reality of deregulated social media
Policy & legislation

The fate of Parler exposes the reality of deregulated social media

14 Jan 2021
Should IT departments to call time on WhatsApp?
communications

Should IT departments to call time on WhatsApp?

15 Jan 2021