Yahoo confirms breach, passwords appear not encrypted


Yahoo on Thursday confirmed that its database was hacked to steal about 400,000 usernames and passwords of members who belong to the company's Contributor Network, which formerly was known as Associated Content.

Yahoo said the theft of the file occurred on Wednesday, but fewer than five percent of the stolen accounts still contained "valid" passwords.

According to Ohio-based security firm TrustedSec, the hackers, who claimed to be part of a relatively unknown contingent known as "D33ds Company," obtained the booty in clear text through a SQL injection attack, a common technique used to infiltrate vulnerable web applications. The hackers publicly posted the file they stole, but high traffic is currently preventing it from being accessed.

"The most alarming part to the entire story was the fact that the passwords were stored completely unencrypted, and the full 400,000+ usernames and passwords are now public," TrustedSec said in a blog post.

Yahoo didn't respond to a question about why the passwords were not cloaked, but said it was asking victims to change their passwords.

Yahoo is one in a recent string of high-profile online firms, including LinkedIn, E-Harmony and Formspring, that have had passwords stolen in breaches. Each has had varying degrees of controls in place to protect the credentials.

Earlier Thursday, Eset security blogger Anders Nilsson ran an analysis of the dump to uncover the most common passwords and email domains in it.

Predictably, the most common passwords were '123456', 'password' and 'welcome', while the Yahoo, Gmail and Hotmail domains appeared most frequently.

There were 1870 .edu addresses, 93 .gov and 81 .mil. The full password analysis is on Pastebin, and a mirror of the dump has been posted to MediaFire.
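The kind of tally described above (most common passwords, most common mail domains, and a count of .edu/.gov/.mil addresses) is straightforward to reproduce for breach-impact assessment. The script below is an added example, not Nilsson's or TrustedSec's code; it assumes the dump uses one `email:password` record per line and runs on a small constructed sample rather than the real file.

```python
from collections import Counter

# Constructed sample in the "email:password" layout; not data from the real dump.
SAMPLE_DUMP = """\
alice@yahoo.com:123456
bob@gmail.com:password
carol@example.edu:welcome
dave@hotmail.com:123456
erin@state.gov:Summer2012
frank@army.mil:password
grace@yahoo.com:123456
heidi@school.edu:letmein
"""


def parse_dump(text):
    """Yield (email, password) pairs, skipping blank or malformed lines.

    Splits on the first ':' only, so a password that itself contains ':' survives.
    """
    for line in text.splitlines():
        line = line.strip()
        if not line or ":" not in line:
            continue
        email, password = line.split(":", 1)
        if "@" not in email:
            continue
        yield email.lower(), password


def top_passwords(records, n=3):
    """Most frequently reused passwords, as (password, count) pairs."""
    return Counter(pw for _, pw in records).most_common(n)


def domain_counts(records):
    """How many addresses belong to each mail domain."""
    return Counter(email.rsplit("@", 1)[1] for email, _ in records)


def tld_counts(records, tlds=("edu", "gov", "mil")):
    """Count addresses whose domain ends in one of the watched top-level domains."""
    counts = Counter()
    for email, _ in records:
        tld = email.rsplit("@", 1)[1].rsplit(".", 1)[-1]
        if tld in tlds:
            counts[tld] += 1
    return counts


def analyze(text):
    """Run the full tally over a dump and return a summary dict."""
    records = list(parse_dump(text))
    return {
        "total": len(records),
        "top_passwords": top_passwords(records),
        "top_domains": domain_counts(records).most_common(3),
        "tlds": dict(tld_counts(records)),
    }
```

On the sample, `analyze(SAMPLE_DUMP)` reports '123456' as the most reused password and two .edu, one .gov and one .mil address.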

Users tend to share passwords across websites, which means the breach of one organization can lead to unauthorized access or fraud at an entirely different site.

SC Magazine Australia contributed to this article.