Thursday, July 12, 2012


Yahoo! Voices Website Hacked 450,000+ Compromised


A hacker group going by the name of D33ds Company has claimed responsibility for an attack against the Yahoo! Voices service that has resulted in over 450,000 usernames and passwords being leaked.
The entire username and password list is currently available for download.
The group say a weakness in the website allowed them to access the database using a technique called SQL injection.

“At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products,” a Yahoo spokesperson told TechCrunch.
Yahoo! is downplaying the claiming that less than 5 percent of the accounts leaked have correct passwords.

“We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.”

Despite this, all users of the Yahoo! Voices service are advised to change their passwords IMMEDIATELY. Also, if you’ve used the same login credentials on other websites then you should change your password there too.

Security firm ESET have carried out a statistical analysis of the leaked passwords and compiled a list of the top ten passwords used, and all of them and weak and easily guessed:


123456 = 1666 (0.38%)
password = 780 (0.18%)
welcome = 436 (0.1%)
ninja = 333 (0.08%)
abc123 = 250 (0.06%)
123456789 = 222 (0.05%)
12345678 = 208 (0.05%)
sunshine = 205 (0.05%)
princess = 202 (0.05%)
qwerty = 172 (0.04%)

This list accounts for more than 1 percent of the passwords leaked.