A Yahoo! Voice server has been breached by hacking group D33Ds Company and 453,000 usernames and passwords have been posted online in plain text. TrustedSec reports that the sensitive data was obtained using a SQL injection attack that extracted the information from Yahoo!’s database servers early this morning.
In a statement to Ars Technica, D33Ds Company insisted that its attack should be treated as a “wake-up call, and not as a threat,” and said that it wants the parties who are responsible for managing the security of this subdomain to recognize the security holes that have allowed this attack and “not take them lightly.”
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat.
“There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”
If you’re a Yahoo! user — even if you don’t use Yahoo! Voice — you are advised to change your password to ensure your account is protected. TechnoBuffalo won’t be linking to the data dump that includes these account details, for obvious reasons, but it’s not hard to find, so don’t assume your account will be safe if you leave it.
[via Ars Technica]