The login credentials for more than 453,000 people who used the Yahoo Voices service have been stolen by a hacking collective, an act those responsible believe should serve as a wake-up call for the Web giant.
The personal data, posted in plain text on the hacking site D33D Company, was supposedly garnered from Yahoo through a simple SQL injection technique, and is extensive, according to a report from the tech news site CNET. Exposed information seems to have been accessed via a subdomain, based on data the hackers failed to remove when posting it on the sharing site, and included the full login data — usernames and passwords — for the hundreds of thousands of victims. The sheer amount of data posted on the site was massive.
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the hackers said in a comment at the bottom of the data, according to the site. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”
This is just the latest hacking incident to expose consumers’ login details in recent months, the report said. About 8 million consumer passwords — from popular social and professional networking site LinkedIn, dating site eHarmony and music site Last.fm, combined — have been exposed since the beginning of June. Further, the social networking question-and-answer service Formspring revealed that it had about 420,000 of its hacked passwords posted on an online forum. Formspring disabled the passwords of its entire user base as a precaution.
Hacking attacks of this type may not be as damaging to consumers as other types of data breaches, but they can still pose significant problems for people who use the same password and email combination to log in to multiple websites. For this reason, security experts recommend mixing up passwords whenever possible and using a combination of numbers, letters and symbols that cannot be easily guessed when creating login details. Many recommend simply having randomized passwords, and changing them regularly.
“As the recent Yahoo! Voices breach illustrates, do we really need to use dumb, easily decipherable passwords throughout our cyber-universe which can be cracked in minutes allowing thieves to get their grubby little fingers on our kids’ college education funds or tax return information?” Adam Levin, Credit.com’s founder and chairman, wrote in a recent editorial.