Yahoo's Password Hacking Conundrum



Online web security is a hot issue in 2012. Yahoo was reminded of this today after suffering a MySQL injection attack that resulted in the publishing of 453,492 usernames and passwords. A group called D33DS Company has taken responsibility for the hack and the leak of user information. It's speculated that the Yahoo! Voice service, formerly known as Associated Content, was the main target of the attack. The stolen data included an “older file” which contained user login credentials. D33DS Company released a statement on how they gained access to Yahoo's backend.

“The hacking technique preys on poorly secured web applications that don’t properly scrutinize text entered into search boxes and other user input fields. By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information.”

Yahoo has responded to the attacks, saying only 5 percent of the data is still valid user information. Yahoo also released the following statement:

“We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users' accounts may have been compromised,” the statement continued. “We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.”

Yahoo has joined several other major companies that have been attacked and had sensitive data leaked online. Unless major changes are made to how user data is protected, we don’t see this trend ending any time soon. Be sure to change your password.