Security breaches have always been a major concern in the virtual world. Hackers have once again shown their potential to cause mayhem: reports that they published over 453,000 emails and passwords from an unnamed Yahoo service (suspected to be Yahoo! Voices) have been confirmed. Yahoo Head of Consumer PR (UK) Caroline MacLeod-Smith confessed by email that an older file from Yahoo Contributor Network (previously Associated Content), containing approximately 450,000 user names and passwords belonging to Yahoo and other companies' users, was compromised.
The hackers, who belong to a group called “The D33Ds Company”, claimed to have broken into the database by exploiting an SQL injection vulnerability spotted in a Yahoo subdomain. They declared in their release notes that the subdomain and vulnerable parameters would not be posted, as that could wreak much bigger havoc. The divulged information contains MySQL server variables, names of database tables and columns, and a list of 453,492 email addresses with their respective passwords in plain text. The leaked login data includes email addresses from Yahoo along with those from other public and non-public email providers.
Anders Nilsson, the chief tech officer of Eurosecure, the Scandinavian distributor of antivirus vendor ESET, has analyzed the data. According to his report, there are over 34,000 unique passwords, and if a user has a Facebook or Twitter account under the same password (the email is obviously the same), then those accounts are in clear danger of being hacked as well. The most common domain names in the list are Yahoo.com, Gmail.com, Hotmail.com and Aol.com, along with less common ones such as Rediffmail.com, Rocketmail.com and Googlemail.com.
Yahoo has stated that less than 5% of the Yahoo accounts had genuine passwords. This may seem like a hasty statement meant to brush off the hacking fiasco, but it may alleviate the concerns of many users. The company says it is taking immediate action by fixing the vulnerability that the hackers took advantage of to disclose the data. The passwords of the affected Yahoo users are being changed, and the other email providers whose users' accounts have been compromised are being alerted. Along with its apologies, Yahoo has asked all its users to change their passwords regularly and to keep up to date with the online safety tips at its security portal, security.yahoo.com.
The hackers, on the other hand, seemed nonchalant and unapologetic. They said that this should not be considered a ‘threat’, but it should serve as a ‘wake-up’ call. According to them, “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly.”
If your email and password have been leaked, you can change the password and hope it does not happen again. But the public email providers need to keep their security in check. Handling such a vast volume of personal information held in email accounts is a huge responsibility. Every possible measure must be adopted to make sure it does not fall into the wrong hands.