Yahoo has confirmed that hackers have stolen around 400,000 user names and passwords in unencrypted form from its computer system. The search engine firm is on its way to fix the vulnerability that led to the theft. The firm asked its victims users to change their passwords and notified the companies, whose user accounts may have been misused.
As per reports, Last Wednesday, a hacking group, who introduced them as D33Ds Company, posted 453,492 account credentials in plain text on a public website. They further mentioned there that it has been done to exhibit the poor cyber security system of Yahoo and is not a threat. They tagged it to be a "wake-up call" rather than a threat to Yahoo.
A security firm Rapid7 said about the online publication of a data file that contains login credentials in unencrypted text for Yahoo as well as several other Internet services, including Google Inc’s Gmail and AOL as well as Microsoft Corp’s Hotmail, MSN and Live sites. "There have been many security holes exploited in web servers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly," pointed out the group at the end of the post. The hackers further said there that they have also earned some other sensitive information which has not been posted to shun further damage. While Yahoo is of the opinion that an older file, from Yahoo Contributor Network had been stolen, Security firm TrustedSec guessed the hacked service to be Yahoo Voices. It is also a matter of concern and negligence in part of Yahoo that, those credentials were kept unencrypted.
No comments:
Post a Comment