Hacking collective D33Ds Company has reportedly exposed 4,53,000 Yahoo login passwords, if a report by Ars Technica
is to be believed. The whole password dump has been posted on a public
website. The hacking group has posted passwords of 4,53,492 Yahoo
accounts in plaintext and 2,700 database table or column names and 298
MySQL variables.
The hacking group claims that it penetrated the Yahoo subdomain
using a technique called union-based sub-domain injection. This
technique preys on poorly secured web applications that do not
scrutinize text entered into search boxes and other user input
fields. That lets the attacker inject database commands and trick
back-end servers into dumping large amounts of sensitive
information.
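The failure described above, shown next to its fix, as an added example that is not taken from the report or from Yahoo's code. It assumes a hypothetical search feature; Python's built-in sqlite3 stands in for the MySQL back end, and the table names, rows and crafted input are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: a public catalogue and a credentials table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, blurb TEXT);
        CREATE TABLE users (email TEXT, password TEXT);
        INSERT INTO products VALUES ('phone card', 'prepaid minutes');
        INSERT INTO users VALUES ('alice@example.test', 'constructed-secret');
    """)
    return db

def search_concatenated(db, term):
    # Vulnerable: the search text becomes part of the SQL statement itself,
    # so a quote in the input ends the string literal and the rest is parsed
    # as SQL.
    sql = "SELECT name, blurb FROM products WHERE name LIKE '%" + term + "%'"
    return db.execute(sql).fetchall()

def search_parameterized(db, term):
    # Hardened: the statement text is fixed and the search text is bound as a
    # value, so it can only ever be compared against product names.
    sql = "SELECT name, blurb FROM products WHERE name LIKE '%' || ? || '%'"
    return db.execute(sql, (term,)).fetchall()

# Constructed input of the kind the article describes: it closes the string
# literal and appends a second SELECT whose rows are merged into the results.
CRAFTED = "zzz' UNION SELECT email, password FROM users --"

if __name__ == "__main__":
    db = make_db()
    print("normal search (concatenated):  ", search_concatenated(db, "phone"))
    print("normal search (parameterized): ", search_parameterized(db, "phone"))
    print("crafted input (concatenated):  ", search_concatenated(db, CRAFTED))
    print("crafted input (parameterized): ", search_parameterized(db, CRAFTED))
```

Both functions behave identically for ordinary searches; only the concatenated one returns rows from the credentials table when given the crafted input.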
The TrustSec Blog is reporting that the targeted service
could be Yahoo Voice, as the string “dbb1.ac.bf1.yahoo.com” is included
in the dump posted by the hackers and the string is reportedly
associated with the Yahoo Voice service.
This is not the first time that we have heard about a high-profile
service being hacked. Only last month, professional social networking
site LinkedIn was hacked, with more than 6.4 million accounts being
breached. In the wake of that breach, however, LinkedIn has
strengthened its defenses by adding another layer of security for its
users.