400,000 Yahoo! Passwords Hacked
Hacktivists Call Attention to 'Security Holes'
A hacking group calling itself D33Ds Company has posted more than 400,000 Yahoo! usernames and passwords online.
See Also: Are You APT-Ready? The Role of Breach and Attack Simulation
Yahoo! confirmed in a statement that an older file from the Yahoo! Contributor Network, previously Associated Content, containing approximately 400,000 Yahoo! and other company usernames and passwords, was stolen on July 11. "Of those, less than 5 percent of the Yahoo! accounts had valid passwords," the statement notes.
"We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users' accounts may have been compromised," the statement adds.
The company is encouraging all users to change their passwords. It's also pointing its users to security.yahoo.com, which allows users to familiarize themselves with Yahoo!'s online safety tips.
DD3Ds Company took responsibility for the attack, stating, "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure."
The information was posted in a text file on the hacktivists' website.
Security firm TrustedSec posted a message on its website contending that the usernames and passwords were stored in clear text and were unencrypted.
"The most alarming part to the entire story was the fact that the passwords were stored completely unencrypted and the full 400,000+ usernames and passwords are now public," the company said.
But Yahoo! officials declined to offer further comment beyond the statement.
