Yahoo probes report of password security breach

The online firm said in a statement obtained by BBC News: "We are currently investigating the claims of a compromise of Yahoo! user IDs," adding that it encouraged users to "change their passwords on a regular basis".

While Yahoo is taking a wait-and-see attitude toward the reported breach, the hacker group D33DS Company is proclaiming that it “owned and exposed” Yahoo Voices. It posted a document with more than 450,000 user email addresses and plain text passwords on its website.

The hacker group said it used a union-based SQL injection technique to steal the emails and passwords and posted them as a “wake-up call”, not as a “threat”.

“There are certainly questions which need to be answered – such as how were the hackers able to gain access to the information, and what measures was the site taking to ensure that even if its databases were breached, the passwords would not be easy to convert into plain text”, commented Anna Brading on Sophos’ Naked Security blog.
 

What’s Hot on Infosecurity Magazine?