Cause Hack | Suspect(s) D33ds | |
Date July 12, 2012 (2012-07-12) | ||
Yahoo! Voices, formerly Associated Content, was hacked in July 2012. The hack is supposed to have leaked approximately half a million email addresses and passwords associated with Yahoo! Contributor Network. The suspected hacker group, D33ds, used a method of SQL Injection to penetrate Yahoo! Voice servers. Security experts said that the passwords were not encrypted and the website did not use a HTTPS Protocol, which was one of the major reasons of the data breach. Dana Lengkeek, a Yahoo! spokeswoman, was asked about the companies whose credentials were stolen, but Lengkeek did not respond. The email addresses and passwords are still available to download in a plaintext file in the hacker's website. The hacker group described the hack as a "wake-up call" for Yahoo! security experts. Joseph Bonneau, a security researcher and a former product analysis manager at Yahoo, said "Yahoo can fairly be criticized in this case for not integrating the Associated Content accounts more quickly into the general Yahoo login system, for which I can tell you that password protection is much stronger."
Contents
Reaction by communities and users
D33DS, the hacker group, said that the hack was a "wake-up call". They said that it was not a threat to Yahoo!, Inc. The IT Security firm, TrustedSec.net, said that the passwords contained a number of email addresses from Gmail, AOL, Yahoo, and more such websites. Yahoo Voice, was a subdomain of Yahoo. The attacker mistakenly forgot to remove the hostname "dbb1.ac.bf1.yahoo.com".
Response from Yahoo
Immediately after the hack, Yahoo!, in a written statement, apologized for the breach. Yahoo did not disclose how many passwords were valid after the hack, because they said that every minute, 1-3 passwords are changed on their site. Yahoo said that only 5% of its passwords were stolen during the hack. The hackers website, d33ds.co, was not available later on Thursday, after the hack. Yahoo said in a written statement that it takes security very seriously and is working together to fix the vulnerability in its site. Yahoo said that it was in the process of changing the passwords of the hacked accounts and notifying other companies of the hack. They said that some of the passwords stored in the database were registered in 2006.
Controversy
A simple matter had sparked a controversy over Yahoo!. The controversy was sparked because of Yahoo's silence about the data breach. After the servers were hacked, Yahoo! did not mail the affected 450,000 victims, though it was promised earlier. There was no site-wide notifications about the hack, nor did any victim get any type of personal messages detailing how to reset their account passwords from Yahoo.