Hi friends, can any one tell how this breach had happened and can any one give much information about this
thank you On Fri, Jul 13, 2012 at 12:24 PM, Rakesh Nagekar <[email protected]>wrote: > > Hi G33Ks, > > @Dataloss > > > https://www.trustedsec.com/july-2012/yahoo-voice-website-breached-400000-compromised/ > > Few details are known at this point however, a recent post over > 400,000 plus accounts that have clear text passwords were posted > online. The passwords contained a wide variety of email addresses > including those from yahoo.com, gmail.com, aol.com, and much more. The > affected website was only named as a subdomain of yahoo.com however > digging through and searching for the hostname, the attacker forgot to > remove the hostname “dbb1.ac.bf1.yahoo.com” (credit to Mubix for the > hostname find). Looking through a variety of sources, it appears that > the compromised server was likely “Yahoo! Voice” which was formally > known as Associated Content (credit to Adam Caudill for the linkage). > > The most alarming part to the entire story was the fact that the > passwords were stored completely unencrypted and the full 400,000+ > usernames and passwords are now public. The method for the compromise > was apparently a SQL Injection attack to extract the sensitive > information from the database. > > Below is a small snippet of what the passwords looked like from the > leaked document (email addresses redacted): > > If you are concerned about your password and for a full list of all of > the usernames and passwords compromised; head over to the below link. > Note that the filesize is large and will take quite a long time to > load. > > https://d33ds.co/archive/yahoo-disclosure.txt > > There has been no official confirmation from Yahoo or any other > sources as of yet. > > Cheers, > -- > Rakesh Nagekar > 9701887568 > -- Rakesh Nagekar 9701887568 -- You received this message because you are subscribed to the Google Groups "nforceit" group. To post to this group, send an email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/nforceit?hl=en-GB.
