Hi friends,

can any one tell how this breach had happened and can any one give much
information about this

thank you

On Fri, Jul 13, 2012 at 12:24 PM, Rakesh Nagekar
<[email protected]>wrote:

>
> Hi G33Ks,
>
> @Dataloss
>
>
> https://www.trustedsec.com/july-2012/yahoo-voice-website-breached-400000-compromised/
>
> Few details are known at this point however, a recent post over
> 400,000 plus accounts that have clear text passwords were posted
> online. The passwords contained a wide variety of email addresses
> including those from yahoo.com, gmail.com, aol.com, and much more. The
> affected website was only named as a subdomain of yahoo.com however
> digging through and searching for the hostname, the attacker forgot to
> remove the hostname “dbb1.ac.bf1.yahoo.com” (credit to Mubix for the
> hostname find). Looking through a variety of sources, it appears that
> the compromised server was likely “Yahoo! Voice” which was formally
> known as Associated Content (credit to Adam Caudill for the linkage).
>
> The most alarming part to the entire story was the fact that the
> passwords were stored completely unencrypted and the full 400,000+
> usernames and passwords are now public. The method for the compromise
> was apparently a SQL Injection attack to extract the sensitive
> information from the database.
>
> Below is a small snippet of what the passwords looked like from the
> leaked document (email addresses redacted):
>
> If you are concerned about your password and for a full list of all of
> the usernames and passwords compromised; head over to the below link.
> Note that the filesize is large and will take quite a long time to
> load.
>
> https://d33ds.co/archive/yahoo-disclosure.txt
>
> There has been no official confirmation from Yahoo or any other
> sources as of yet.
>
> Cheers,
> --
> Rakesh Nagekar
> 9701887568
>



-- 
Rakesh Nagekar
9701887568

-- 
You received this message because you are subscribed to the Google Groups 
"nforceit" group.
To post to this group, send an email to [email protected].
To unsubscribe from this group, send email to 
[email protected].
For more options, visit this group at 
http://groups.google.com/group/nforceit?hl=en-GB.

Reply via email to