Spread the love! TechSpot Tech Gift Shortlist 2017

Hackers post 453,000 plaintext Yahoo Voices logins

By Matthew · 11 replies
Jul 12, 2012
Post New Reply
  1. Hackers collectively known as "D33Ds Company" have posted unencrypted credentials for over 453,000 Yahoo Voices accounts. The group reportedly used an SQL injection to extract the information, which includes email addresses, passwords, over 2,700 database table…

    Read more
  2. Tygerstrike

    Tygerstrike TS Enthusiast Posts: 827   +93

    Yet another hacker group thinking thier Robin Hood and embarassing the Sherriff to get what they want. If these groups want to be taken seriously they need to contact the board members of the company they are security testing. How do these *****s think they are going to get paid? A nickle is going to fall out of thier computer hard drive everytime they post a password?
    If they are indeed just a "testing" hacker group, then it also shouldnt hurt them to post who they really are online........
  3. lipe123

    lipe123 TS Evangelist Posts: 718   +236

    I thought SQL injection is the most basic attack possible and even college grad sys admins know how to avoid it?
  4. HuntForTheWOrst

    HuntForTheWOrst TS Member Posts: 27

    Any website can get hacked by SQL but it takes Advanced hackers to hack websites like Facebook,Yahoo,Twitter etc These guy are known for their hacking their advanced and really good at it so they can do it.It was just way too advanced and hard for the rest of us and Yahoo has already had this happen to them before too well not the exact thing but they have gotten hacked.
  5. Does this affect the regular Yahoo e-mails as well?
  6. HuntForTheWOrst

    HuntForTheWOrst TS Member Posts: 27

    Yes it will effect if your passwod was on the list cause it's the same thing used on yahoo answers!

    So everything with yahoo is affected that uses yahoo emails but yours may have not been told so your good if it wasn't told
  7. lipe123

    lipe123 TS Evangelist Posts: 718   +236

    No they cant, any website that doesnt santize input fields can get hacked. It's a GROSS oversight by whoever is in charge. http://en.wikipedia.org/wiki/SQL_injection
    Basically it boils down to instead of putting your username in the login box you put "SELECT * FROM users WHERE name = 'a';DROP TABLE users; and bam it deletes all the users in the database with the username "a" cause the stupid webpage -> database thing isn't filtering out these inputs.
    SQL injection is hacking 101 and if your company is affected by it its like "welcome to the hall of shame"
  8. HuntForTheWOrst

    HuntForTheWOrst TS Member Posts: 27

    Oh **** I fcked up hardcore but you can also SQL it if the website is vulnerable but most popular websites arent vulnerable thanks for correcting my mistake:D

    Yahoos been vulnerable many times though
  9. None of my e-mails were in the dazzle pod list so I guess I'm in the clear. I don't think I'll be making any more yahoo emails though.
  10. treetops

    treetops TS Evangelist Posts: 2,045   +206

    sob now I am going to have to change some passwords


    for the link I am not on the list :)
  11. TJGeezer

    TJGeezer TS Enthusiast Posts: 385   +10

    Years ago, before switching to gmail for the spam filtering, I used a Yahoo email address for awhile. Haven't checked it in years and ignore anything that comes in, but on impulse I checked at your "should I change my password" link - it said my old addy was compromised on July 12.

    Last time I even looked, the box had so much spam clogging it up I just left in disgust. Now I'm wondering if I should bother to change the address. I don't even know what my password was for that account, though I suppose I could go to the torrents and find out.

    Nah. Not worth the trouble; let 'em have the old, dead mailbox.
  12. treetops

    treetops TS Evangelist Posts: 2,045   +206

    I switched to gmail too, but used the same pass as yahoo, changing that, I still keep it around for signing up to sites I suspect will spam me.

Similar Topics

Add your comment to this article

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...