Yahoo Voices hacked, nearly half a million emails and passwords stolen

Yesterday, we reported on the Formspring website hack. Today, it's Yahoo Voices that has been compromised.

Yahoo Voices, which defines itself as "where your expertise and perspectives take center stage!", allows Yahoo users to post their own articles, videos and slideshows online.

This morning, the hacker group D33DS Company published 453,491 email addresses and passwords online in plain text, in a document marked "Owned and Exposed".

The hackers say they used a "Union-based SQL Injection" to steal the data, and that they posted the information as a "wake-up call":

We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat.

But even if this hacker group themselves aren't planning to use the information for ill-gotten gains, the data is available for anyone to access.

The only silver lining on the cloud is that the website hosting the passwords is temperamental, and people are experiencing difficulties accessing the information. But maybe the access problems are being caused by so many people trying to access the stolen passwords at once?

Unfortunately, the list of compromised websites just seems to keep growing. In a little over a month, we've reported on breaches of Formspring, LinkedIn and eHarmony.

If you use Yahoo Voices, you should probably change your password now.

Don't forget to make sure that your password is unique, hard to guess, and that you use a different password on every website you use. If you use the same password in multiple places you are just asking for trouble.

At the time of writing, there is no official word from Yahoo regarding the security breach.

There are certainly questions which need to be answered - such as how were the hackers able to gain access to the information, and what measures was the site taking to ensure that even if its databases were breached, the passwords would not be easy to convert into plain text.

If your company runs a website which stores users' information, don't feel too smug about Yahoo's misfortune. Are you taking enough care of your visitors' credentials and ensuring that they are properly secured?
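
To make those two questions concrete, here is an added example (not code from Yahoo, the hackers or this article) that puts a string-built query next to a parameterized one and stores passwords as salted PBKDF2 hashes rather than plain text. The table names, sample account and iteration count are assumptions chosen for illustration, and the database is a constructed in-memory SQLite stand-in.

```python
import hashlib, hmac, os, sqlite3

ITERATIONS = 600_000  # assumed PBKDF2-HMAC-SHA256 work factor

def make_db():
    # Constructed in-memory stand-in for a content site's database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE articles (title TEXT, author TEXT)")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    db.execute("INSERT INTO articles VALUES ('My first post', 'alice')")
    return db

def hash_password(password, salt):
    # Slow, salted derivation: a stolen row is not the password itself.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def register(db, email, password):
    salt = os.urandom(16)  # unique per account
    db.execute("INSERT INTO users VALUES (?, ?, ?)",
               (email, salt, hash_password(password, salt)))

def verify(db, email, password):
    row = db.execute("SELECT salt, pw_hash FROM users WHERE email = ?",
                     (email,)).fetchone()
    if row is None:
        return False
    return hmac.compare_digest(row[1], hash_password(password, row[0]))

def search_unsafe(db, author):
    # Vulnerable pattern: user input becomes part of the SQL text.
    sql = "SELECT title, author FROM articles WHERE author = '" + author + "'"
    return db.execute(sql).fetchall()

def search_safe(db, author):
    # Hardened pattern: input is bound as data and never parsed as SQL.
    return db.execute("SELECT title, author FROM articles WHERE author = ?",
                      (author,)).fetchall()

def demo():
    db = make_db()
    register(db, "user@example.com", "correct horse")  # constructed account
    # Constructed input of the UNION kind the article names.
    probe = "x' UNION SELECT email, hex(pw_hash) FROM users --"
    return (search_unsafe(db, probe), search_safe(db, probe),
            verify(db, "user@example.com", "correct horse"))

if __name__ == "__main__":
    print(demo())
```

The string-built query returns a row from the users table, but that row holds only a salted hash; the parameterized query returns nothing for the same input.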

10 Responses to Yahoo Voices hacked, nearly half a million emails and passwords stolen

  1. disclosure · 1149 days ago

    Searchable list at

  2. Nigel · 1149 days ago

    "...not as a threat."

    ...ah, I see. In the same sense as the old Monty Python routine wherein the "Crunchy Frog" confection used "...only the finest baby frogs...lightly killed...".

    It's an old story: "Sacrifices must be made for the greater good"...or some such pantload. I wouldn't be surprised to see these D33DS jerks running for political office next.

  3. Mz Z · 1149 days ago

    It's coming from Facebook users. They hijack your account info, then your email and all of the contacts info. Both Yahoo and Facebook are being moot about it and doing nothing. Be careful, because they get all of your profile info, banking info and sell it. Once they got you and your info they hold to you and keep coming back, they have your basic info: school, birthdate, mother's maiden name, etc.....

  4. Mike91163 · 1149 days ago

    In my opinion, there are 2 reasons for all these hacks:

    ---companies unwilling to spend the $$$ on hardware/software to secure their websites; and,

    ---bluntly, so-called security "experts" at these firms who truly have no idea what they're doing, and cover their stupidity by spewing technical mumbo-jumbo to their profoundly clueless superiors.

    Is that assessment harsh? You bet. Accurate? I have first-hand heard some of the nonsense, but as soon as you call these idiots out, you're labeled as a troublemaker & xenophobe.

    In order to protect yourself from criminals, you MUST think like a criminal.

  5. Sizzle · 1149 days ago

    So, what are the odds on whether the passwords were being stored in plain-text then?

  6. Jack · 1149 days ago

    Looked at the "Fix it Tool" and it stated that the tool is 'disabled' or 'enabled', which is questionable. Do you 'enable' it to fix the problem, or are you enabling the 'problem'? Do you see what I mean?


  7. TheDude · 1148 days ago

    The people at Yahoo are idiots. There were phishing e-mails going around imitating our company. Yahoo sent us an e-mail telling us to quit sending them...

  8. Cindy · 1123 days ago

    I am so upset with Yahoo that I posted what I have been through since my Gmail address was in the list of hacks.

  9. Internaut · 1122 days ago

    TheDude is correct. Remember Slurp downloading full web sites, pushing some hosting systems to disable sites exceeding their bandwidth, and while most are not exceeding, some of the smaller family blogs, business card web sites, and such paid the penalty. Yahoo ignored the thousands of requests to smarten up.

    When Yahoo, and others, send an email telling you to stop spamming, they ASSume you are guilty. Yahoo and others, are police, prosecutor, judge, jury, and there is no defense.
    It's probably much easier to arrange for a one-on-one with the President, than it is to reach a human at Yahoo, and others, to correct a mistake they will claim was never made.

    The question is, why were the passwords not encrypted at source?

About the author

Anna Brading is Naked Security's editor. She has worked in tech for more than ten years and as a writer with Sophos for over five. She's interested in social media, privacy and keeping people safe online.