Unknown hacker group leaks 4.5 lakh Yahoo passwords

13 Jul 2012

An unknown hacker group calling itself "DD3Ds Company" claimed responsibility for hacking into Yahoo and posting online more than 4.5 lakh user names and passwords, which had been stored in plain text on the search giant's server.

The hacker group appears to have hacked servers connected to Yahoo Voices, a user-generated section of the site that runs on Yahoo's instant messenger. It also posted over 2,700 database table or column names and 298 MySQL variables on a public website.

Responding to the attack after four hours, Yahoo said, "We confirm that an older file from Yahoo Contributor Network... containing approximately 450,000 Yahoo and other company users' names and passwords was compromised yesterday."

"Of these, less than 5% of the Yahoo accounts had valid passwords. We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users and notifying the companies whose users' accounts may have been compromised."

The hacker group said that it had obtained the passwords using SQL injection, a technique in which hackers use rogue commands to pilfer data from less secure websites.

In a note posted online along with the password data, DD3Ds Company said, "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat."