Yahoo Inc. has said it is investigating reports of a security breach in which nearly half a million users' e-mail addresses and passwords were leaked to the Internet. The company, however, confirmed that the compromised user information belongs to its Yahoo Voices service, previously known as Associated Content. Hackers belonging to a group called 'D33Ds Company' have claimed responsibility for the security breach.
Yahoo said that less than 5 percent of Voices accounts had still-valid passwords, but the leaked file had revealed the e-mail addresses of hundreds of thousands of its users. In an emailed statement, Yahoo further said that it is working to fix the vulnerability that caused the security breach. The company also said it would change affected users' passwords and notify companies with accounts that might have been compromised.
"We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com," read the Yahoo statement.
The hacker group D33Ds Company posted a text file with the leaked information online and said it had used union-based SQL injection to obtain the data. "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat," D33Ds said in a message accompanying the leaked data.
"There have been many security holes exploited in Web servers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."
Meanwhile, The New York Times reports that the more than 400,000 leaked usernames and passwords included log-in information for mail, Hotmail, Comcast, MSN, Verizon, AOL, SBC Global and Live.com accounts. According to the U.S.-based security firm Rapid7, the leaked information includes 106,000 Gmail account credentials.
"The most alarming part of the entire story was the fact that the passwords were stored entirely unencrypted," the security firm said in its blog.
Yahoo's data breach comes days after the professional social network LinkedIn suffered a similar breach, which saw over six million passwords leak to the Internet.
There have been numerous instances of websites belonging to Internet companies and governments across the world falling prey to such targeted attacks. Back in India, we recently saw the notorious hacker group Anonymous conducting frequent attacks on Indian sites.
The Indian government has also confirmed that its websites, including those of the Planning Commission, the Finance Ministry and other State government agencies, have suffered such targeted attacks.
Yahoo is one of the major brands on the web, and its vulnerability to cyber attacks clearly shows the need for more foolproof security mechanisms on the Internet, perhaps on a global scale.