Business, Economics and Jobs

Yahoo investigating password breach of 450,000 users


A worker moves a section of a Yahoo! billboard onto a truck on December 21, 2011 in San Francisco, California. Yahoo's iconic retro-style billboard was taken down after 12 years of greeting visitors to San Francisco. The brightly colored billboard, reminiscent of a 1960's era motel sign, was installed in 1999 next to Interstate 80 near downtown San Francisco.


Justin Sullivan

Yahoo confirmed on Thursday that it was investigating a breach of its system which may have exposed the usernames and passwords of up to 450,000 users, according to the BBC.

The attack probably originated from servers connected to Yahoo Voices, according to US security firm Trustedsec. The hacking group D33DS claimed credit for the attack, according to the BBC.

The Associated Press cited tech news sites CNET, Ars Technica and Mashable with the information that over 453,000 login credentials from a Yahoo subdomain were posted on the D33D Company's website.

The group said they used an SQL injection, "a commonly-used attack in which hackers use rogue commands to extract data from vulnerable websites," to steal the information, according to the AP.

More on GlobalPost: British National Archives release government's UFO files

The group reportedly said, "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call."

In a statement, Yahoo said, "We confirm that an older file from Yahoo Contributor Network... containing approximately 450,000 Yahoo and other company users' names and passwords was compromised yesterday," according to the BBC. It added that only 5 percent of the accounts had valid passwords, and that it was taking immediate action to fix the vulnerability.

The New York Times noted that the usernames and passwords appeared to be for not only Yahoo, but also Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, BellSouth and users.

More on GlobalPost: Wells Fargo to pay $175M in mortgage discrimination settlement