Yahoo is suffering a backlash by its users after a security breach that ended up with a hacker group known as D33ds Company posting almost half a million credentials online.
Yahoo confirmed that more than 450,000 passwords and email addresses have been hacked from one of its servers. However, the number of affected users is much smaller than in the last big mishap when hackers looted 6.5 million LinkedIn passwords last month. The company asked its users to make more complex passwords and change them on daily basis.
It was a security breach conducted anonymously and was supposed to be a wakeup call and not a threat, read a document posted by the hackers on the hacked web page. According to the hackers, there are many security holes which should not be taken lightly in order to avoid future incidents.
The company said in a statement that “At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised.”
Yahoo also made an apology to all affected users.
The hacker group reportedly used an SQL injection to obtain credentials and compromise the Yahoo database. It is the same method that was used by hackers in 2011 against Sony. The method refers to insertion of an invalid computer code into a SQL database through the exploitation of web page vulnerability.
All the affected accounts are reportedly linked to Voices, an online publishing tool which was acquired by Yahoo in 2010. It is related to company’s instant messaging feature.
It has been advised to Yahoo Voices users to change their password as soon as possible, and if they use the same login credentials on more sensitive services like email or financial accounts, they should also change them on priority basis.