400,000 Yahoo! Passwords Hacked

Hacktivists Call Attention to 'Security Holes'
400,000 Yahoo! Passwords Hacked

A hacking group calling itself D33Ds Company has posted more than 400,000 Yahoo! usernames and passwords online.

See Also: Effective Communication Is Key to Successful Cybersecurity

Yahoo! confirmed in a statement that an older file from the Yahoo! Contributor Network, previously Associated Content, containing approximately 400,000 Yahoo! and other company usernames and passwords, was stolen on July 11. "Of those, less than 5 percent of the Yahoo! accounts had valid passwords," the statement notes.

"We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users' accounts may have been compromised," the statement adds.

The company is encouraging all users to change their passwords. It's also pointing its users to security.yahoo.com, which allows users to familiarize themselves with Yahoo!'s online safety tips.

DD3Ds Company took responsibility for the attack, stating, "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure."

The information was posted in a text file on the hacktivists' website.

Security firm TrustedSec posted a message on its website contending that the usernames and passwords were stored in clear text and were unencrypted.

"The most alarming part to the entire story was the fact that the passwords were stored completely unencrypted and the full 400,000+ usernames and passwords are now public," the company said.

But Yahoo! officials declined to offer further comment beyond the statement.


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.