Hackers Reveal 453K Yahoo Logins
But Yahoo says only 5% of the passwords are valid
By Kevin Spak,  Newser Staff
Posted Jul 12, 2012 12:30 PM CDT
In this May 20, 2012 file photo, a Yahoo sign stands outside the company's offices in Santa Clara, Calif.   (AP Photo/Paul Sakuma, File)

(Newser) – A hacking collective posted the login credentials of a whopping 453,000 Yahoo users online yesterday, saying they'd swiped them from a Yahoo subdomain using a technique that only works on poorly-secured Web apps that don't monitor text entered into various user input fields, Ars Technica reports. "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat," the hacker group, known as D33D Company wrote.

"There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure," the group added. Yahoo confirmed the breach today, saying it came from an "older file" in the Yahoo Contributor Network—formerly known as Associated Content, ZDNet reports. But it said only 5% of the passwords the group posted were still valid. The company said it was working to fix the vulnerability, and change the passwords on affected accounts.

My Take on This Story
Show results without voting  |