Yesterday, we reported on the Formspring website hack. Today, it’s Yahoo Voices that has been compromised.
Yahoo Voices, which defines itself as “where your expertise and perspectives take center stage!”, allows Yahoo users to post their own articles, videos and slideshows online.
This morning, hacker group D33DS Company, published the 453,491 email addresses and passwords online in plain text, in a document marked “Owned and Exposed”.
The hackers say they used a “Union-based SQL Injection” to steal the data and posted the information as a “wake-up call”
We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat.
But even if this hacker group themselves aren’t planning to use the information for ill-gotten gains, the data is available for anyone to access.
The only silver lining on the cloud is that the website hosting the passwords is temperamental, and people are experiencing difficulties accessing the information. But maybe the access problems are being caused by so many people trying to access the stolen passwords at once?
If you use Yahoo Voices, you should probably change your password now.
Don’t forget to make sure that your password is unique, hard to guess, and that you use a different password on every website you use. If you use the same password in multiple places you are just asking for trouble.
At the time of writing, there is no official word from Yahoo regarding the security breach.
There are certainly questions which need to be answered – such as how were the hackers able to gain access to the information, and what measures was the site taking to ensure that even if its databases were breached, the passwords would not be easy to convert into plain text.
If your company runs a website which stores users’ information, don’t feel too smug about Yahoo’s misfortune. Are you taking enough care of your visitors’ credentials and ensuring that they are properly secured?Follow @NakedSecurity