2012 Yahoo! Voices hack
| Date | July 12, 2012 |
|---|---|
| Location | Globally |
| Cause | Hack |
| Suspect(s) | D33ds |
Yahoo! Voices, formerly Associated Content, was hacked in July 2012. The hack is supposed to have leaked approximately half a million email addresses and passwords associated with Yahoo! Contributor Network.[1] The suspected hacker group, D33ds, used a method of SQL Injection to penetrate Yahoo! Voice servers. Security experts said that the passwords were not encrypted and the website did not use a HTTPS Protocol, which was one of the major reasons of the data breach.[2] Dana Lengkeek, a Yahoo! spokeswoman, was asked about the companies whose credentials were stolen, but Mrs Lengkeek did not respond. The email addresses and passwords are still available to download in a plaintext file in the hacker's website. The hacker group described the hack as a "wake-up call" for Yahoo! security experts.[3] Joseph Bonneau, a security researcher and a former product analysis manager at Yahoo, said "Yahoo can fairly be criticized in this case for not integrating the Associated Content accounts more quickly into the general Yahoo login system, for which I can tell you that password protection is much stronger"[4]
Reaction by communities and users
D33DS, the hacker group, said that the hack was a "wake-up call". They said that it was not a threat to Yahoo!, Inc. The IT Security firm, TrustedSec.net, said that the passwords contained a number of email addresses from Gmail, AOL, Yahoo, and more such websites. Yahoo Voice, was a subdomain of Yahoo. The attacker mistakenly forgot to remove the hostname "dbb1.ac.bf1.yahoo.com".[5]
Response from Yahoo
Immediately after the hack, Yahoo!, in a written statement, apologized for the breach. Yahoo did not disclose how many passwords were valid after the hack, because they said that every minute, 1-3 passwords are changed on their site.[6] Yahoo said that only 5% of its passwords were stolen during the hack.[7] The hackers website, d33ds.co, was not available later on Thursday, after the hack.[8] Yahoo said in a written statement that it takes security very seriously and is working together to fix the vulnerability in its site. Yahoo said that it was in the process of changing the passwords of the hacked accounts and notifying other companies of the hack.[4] They said that some of the passwords stored in the database were registered in 2006.[9]
Controversy
A simple matter had sparked a controversy over Yahoo!. The controversy was sparked because of Yahoo's silence about the data breach. After the servers were hacked, Yahoo! did not mail the affected 450,000 victims, though it was promised earlier. There was no site-wide notifications about the hack, nor did any victim get any type of personal messages detailing how to reset their account passwords from Yahoo.[10]
References
- ↑ "Yahoo hack steals 400,000 passwords. Is yours on the list?". Christian Science Monitor. Retrieved July 29, 2012.
- ↑ "Yahoo! Voice fails security 101 as 443,000 passwords are exposed". CNNMoney.com. July 12, 2012. Retrieved July 29, 2012.
- ↑ The Yahoo! Hack: How to find if you're affected? Publisher: Tapscape.com
- 1 2 "Yahoo! fails security 101 as 443,000 passwords are leaked". CNN Money. July 12, 2012. Retrieved July 29, 2012.
- ↑ "Yahoo Password hack 2012:Breach details". LatinsPost. Retrieved July 29, 2012.
- ↑ Smith, Catharine (July 12, 2012). "Yahoo! Voice hack puts Gmail, AOL, Lycos into trouble". Huffingtonpost.com. Retrieved July 29, 2012.
- ↑ "Yahoo hacks leaks 4.5 lakhs of passwords". Business Today. Retrieved July 29, 2012.
- ↑ "Yahoo! Voice hacked: 4.5 lakh passwords in the net". IBNLive.com. Retrieved July 29, 2012.
- ↑ "Yahoo Voices is latest to be hacked with 450,000 accounts stolen". Webpronews.com. Retrieved July 29, 2012.
- ↑ "Yahoo! fails to notify 453k+ of affected victims". Niuzer.com. Retrieved 29 July 2012.