Yahoo! Services like Yahoo! Voice, and many other unidentified services from the company has been compromised, and the hackers have exposed over 453,000 passwords as plain text after they did some SQL Injection on the sites.
Yahoo! has been having a bad day today. The company has got a lot of online service offerings for its customers, and now, they have been compromised. Over 453,000 passwords that were obtained from a SQL Injection has been exposed into the wild today. A company called D33Ds has exposed the entire dump on their website in a TXT file. The injection was a union-based SQL Injection, which was performed on various subdomains of the Yahoo! Services, and this injection works on servers that has very poor SQL Injection security features. This was done by performing a lot of SQL commands, which would return the huge dump that the user requests.
The hackers have also stated that this is just a wake-up call for those who have been managing the security on these servers. And they do not impose any threat to them. They also added:
“There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”
The dump has a huge amount of DB columns and MySQL database fields. And the expected service that got breached is Yahoo! Voice. We’ve reached out to Yahoo! for some comments on this issue! We’ll keep you posted about this soon! But for now, we think you’re safe. But if you’re a Yahoo! Voice user, just wait for the company to acknowledge the issue!
Image Source: Flickr
Via: Twitter