Jul 12 2012

Yahoo Hacked – 450K Passwords Leaked

Now it was Yahoo’s turn to get hacked. A group that goes by the name of D33D has broken into the Yahoo database using a SQL exploit and gained access to 450 thousand Yahoo user accounts. They published the list of hacked accounts online. This list included the emails and passwords of 450 thousand Yahoo users. What makes this even more annoying is that Yahoo could have prevented this… They were storing the passwords in plain text within their database. It is common sense to encrypt passwords in a database, but they have failed to do so at Yahoo.

The accounts suspected to have been hacked belonged to members of the Yahoo Voices sub-domain. D33D reports using a “Union-based SQL injection” to easily gain access to the poorly secured database.
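To show why both failings matter together, here is an added example (not code from Yahoo or from the original post) that runs a constructed union-style input against a string-concatenated query and a parameterized one, with the password column stored first in plain text and then as a salted hash. The table names, sample account, input string and PBKDF2 work factor are all assumptions made for the illustration.

```python
import hashlib, hmac, os, sqlite3

ITERATIONS = 600_000  # PBKDF2 work factor chosen for this example

def hash_password(password, salt=None):
    """Return 'salt$digest' (hex) using salted PBKDF2-HMAC-SHA256."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt.hex() + "$" + digest.hex()

def verify_password(password, stored):
    """Recompute the hash with the stored salt and compare in constant time."""
    salt_hex, _ = stored.split("$")
    candidate = hash_password(password, bytes.fromhex(salt_hex))
    return hmac.compare_digest(candidate, stored)

def make_db(hashed):
    """Constructed sample data: a public table and a credentials table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (id INTEGER, title TEXT)")
    db.execute("CREATE TABLE users (email TEXT, password TEXT)")
    db.execute("INSERT INTO articles VALUES (1, 'Hello')")
    pw = "hunter2"  # constructed sample password
    db.execute("INSERT INTO users VALUES (?, ?)",
               ("alice@example.com", hash_password(pw) if hashed else pw))
    return db

def titles_vulnerable(db, article_id):
    # Weak: request input is concatenated into the SQL text, so it can
    # change the statement itself (for example by appending a UNION SELECT).
    return db.execute(
        "SELECT title FROM articles WHERE id = " + article_id).fetchall()

def titles_parameterized(db, article_id):
    # Hardened: the placeholder keeps the input as a value, never as SQL.
    return db.execute(
        "SELECT title FROM articles WHERE id = ?", (article_id,)).fetchall()

# Constructed input of the union-based kind the post mentions
INJECTED = "0 UNION SELECT password FROM users"

if __name__ == "__main__":
    for hashed in (False, True):
        db = make_db(hashed)
        print("hashed store:", hashed)
        print("  concatenated :", titles_vulnerable(db, INJECTED))
        print("  parameterized:", titles_parameterized(db, INJECTED))
```

The parameterized query returns nothing for the injected input, and when the column holds salted hashes even the concatenated query only exposes values that still have to be cracked one by one.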

I find it unbelievable that Yahoo would be so careless with the information of its users. To store our passwords unencrypted should simply be a crime. The worst part is Yahoo isn’t even admitting to anything. They are simply stating that they are looking into it. They also failed to notify the owners of the accounts that had been compromised.

I’d rather not link to the leaked file, but I assure you it does exist and there are indeed thousands of leaked passwords in the file. If you have ever used Yahoo Voices, without a doubt, it is time to change your password. What sucks the most is that it’s probably going to be many passwords people will have to change. The list includes emails and passwords together. Not just usernames.

With all of these sites starting to just not give a shit about their users, I recommend that people start using different passwords on every website they use and consider using a secure password manager to keep track of it all.

 

Update: If you would like to see if your account was one of the ones compromised, check out my latest article: Check If Your Yahoo Account Was Hacked