Search engine Yahoo has revealed that the hacker group D33DS gained access to its systems and compromised approximately 400 000 user IDs. Security firm TrustedSec confirmed that the breach originated from Yahoo’s Voices, a user-generated section of the site.
“We are currently investigating the claims of a compromise of Yahoo! user IDs,” Yahoo said in a statement, and urged users to “change their passwords on a regular basis”.
TrustedSec also revealed that the passwords were incorrectly stored. “The most alarming part of the entire story was the fact that the passwords were stored entirely unencrypted,” the firm wrote on its blog.
Hacking group D33DS boasted about the attack, saying that it should serve as a wake-up call to whoever was responsible for Yahoo’s security.
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly,” the hackers wrote on a blog.
According to the BBC, “the compromised Yahoo passwords were associated with a variety of email addresses including those from yahoo.com, gmail.com and aol.com. It said that hackers used a well-established technique known as SQL injection to extract the sensitive information from the database.”
Charlie Fripp – Consumer Tech editor