On Thursday, Yahoo confirmed that nearly 400,000 user names and passwords to Yahoo and other companies were compromised on Wednesday, sparking a wave of consumer panic as users searched for PC backup software to restore their data in case their computers were affected.
An infamous group of hackers, known as the D33D Company, posted the user names and passwords for more than 450,000 accounts belonging to Yahoo as well as Gmail, Hotmail, AOL, Comcast, Verizon, MSN, Live.com, SBC Global, and BellSouth users.
To add insult to injury, the hackers wrote a curt footnote to the data dump, which has since been taken down: “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat.”
Ironically, the security breach comes just one month after several million user passwords for LinkedIn, the professional’s online social network, were exposed by hackers who took down its system. The breaches highlight the ease with which hackers are able to infiltrate systems, affecting some of the most widely used and sophisticated technology companies worldwide.
Spokeswoman for Yahoo, Dana Lengkeek, said the compromised accounts belonged to Yahoo’s Contributor Network and that fewer than 5 percent of the passwords posted were still valid.
Meanwhile, spokesman for Google, Chris Gaither, stated that Google immediately reset passwords for their vulnerable Gmail user accounts.
The notorious hackers claimed to have stolen the passwords using a hacking technique called SQL injection, which exploits a software vulnerability in database entries.
Google’s Lengkeek stated, “We’re fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users and notifying companies whose user accounts may have been compromised.”
It is presently undetermined whether Yahoo’s breach has been fully contained or whether hackers could still be inside its systems.
Computer security experts have recommended that all Yahoo users consider changing their passwords for other sites they frequent, as hackers tend to test stolen passwords across multiple sites on the internet.
“Why haven’t organizations like Yahoo got it yet? SQL injection is a known attack,” said Mark Bower, a vice president at Voltage Security. “If what is stated is true, it’s utter negligence to store passwords in the clear.”
This latest attack has apparently caused a surge in online PC backup software searches as consumers realize that their computers can be compromised at any time.