It looks like Yahoo Voice is the next big name to fall victim to an SQL injection attack; over 400,000 e-mails and passwords have been leaked for Yahoo, Gmail, Live, and other e-mail providers. This poses a risk not only to the e-mail accounts themselves: most people use the same e-mail/password for all their accounts (Facebook, bank accounts, etc.). The leaked document is available for download at the bottom of this post.

The group responsible closed the document with this:

"'Growth begins when we begin to accept our own weakness.' - Jean Vanier

"We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage. ~ Greetz: N477, Johnn MRU, jackh4xor, BUNNN, paul4games, B0N3, TiGER-M@TE and all the members of D33Ds.Co and 0xf-security."

Those interested in statistics on the leaked passwords, such as which words are used most often, can check out the details here: http://pastebin.com/2D6bHGTa

Top 10 passwords

123456 = 1666 (0.38%)
password = 780 (0.18%)
welcome = 436 (0.1%)
ninja = 333 (0.08%)
abc123 = 250 (0.06%)
123456789 = 222 (0.05%)
12345678 = 208 (0.05%)
sunshine = 205 (0.05%)
princess = 202 (0.05%)
qwerty = 172 (0.04%)

Be sure to check for your own e-mails in the document below, and make sure you aren't one of those exposed.

Download link: http://www.2shared.com/file/rdiv6kfU/yahoo-disclosuretar.html