nav[aria-label="Primary Navigation"] { padding: 0; & ul { list-style: none; width: 100%; display: flex; flex-direction: row; justify-content: start; align-items: start; gap: 30px; padding: 0; & li { margin: 0; } & ul li { list-style: none; } } }

Unidentified Yahoo service database compromised

chaser7783

Sad big companies still store this kind of info in plaintext.
Link: Hackers expose 453,000 credentials allegedly taken from Yahoo service | Ars Technica

Find more posts tagged with

SAVE $250 on Your Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View Boot Camps

Comments

RobertKaucher

What year is this? 2001?

When your Dr. says that a high salt diet is unhealthy he does not mean for your passwords and that's not the kind of injection that cures diseases either... Unsalted passwords and unparameterized SQL...

COME ON DEVELOPERS! WTH?

chaser7783

What bothers me so far is the action they have taken after the fact:

"There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."

Security through obscurity at it's best.

[FONT=Arial, sans-serif]
[/FONT]

RobertKaucher

The article actually did not mention anything done by Yahoo as an attempt to correct the issue. That was a comment from the Hackers as to why they did not release more details. It is about as upstanding as you can get in their world.

mattlee09

I wonder how many potential CEO applicants just reconsidered (as if the decision wasn't hard enough before). RUN FOR THE HILLS!

demonfurbie

here be the list

http://gnulinux.me/yahoo-disclosure.txt

YFZblu

Wow, plaintext - Simply amazing. I wonder how much of that information also doubles as peoples Facebook login credentials. SMH.

chrisone

good mine isnt in there lol

i changed it anyway as soon as i read what happened.

madisonmiller

"The hacking technique preys on poorly secured Web applications that don't properly scrutinize text entered into search boxes and other user input fields. By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information."

Sett

This is huge huge... Some of these passwords are hilarious. And I am sure a big portion of them are being reused.
Good I've never used any yahoo service, but it doesn't mean that the other big sites out there are safe.

Devilry

It always startles me how these huge companies can be so behind the times. I do understand and know why, it's because it takes SO much bureaucratic nonsense just to get an RFC done. Bet the guy who had that request in his possession and ignores it for... a decade? feels stupid now. Not to mention techs who are overwhelmed with loads of work and cannot even think about improvements.

SteveLord

Sett wrote: »

This is huge huge... Some of these passwords are hilarious. And I am sure a big portion of them are being reused.
Good I've never used any yahoo service, but it doesn't mean that the other big sites out there are safe.

Over 350 used a variant of the infamous "password" or "iloveyou"

Roguetadhg

There's not a doubt in my mind that a lot of these passwords are linked to other areas.

There's a few people with good ideas for passwords though.

petedude

YFZblu wrote: »

I wonder how much of that information also doubles as peoples Facebook login credentials.

What hackers are undoubtedly hoping for. Good thing I don't use Yahoo anything much anymore.

RobertKaucher

My Yahoo account was not in there...

My favorite password so far is mypassword or maybe happyday.

rsutton

I almost feel sorry for Yahoo's new(ish) CEO, this will not help the doubts that consumers are having...

chaser7783

Looks like Nvidia was hit also, but at least they hashed passwords:
NVIDIA

humdingy02

Interesting thread. It's good to see that I'm not the only one who searched for himself, then browsed some of the password choices. Lots of easy ones, lots of complex ones - looks none of them were secure in the end though.

Jinverar

It;s definatly more user names and passwords than just yahoo. I see Gmail, Hotmail, and Shaw.ca. I have to add the following to the top 10.

oolala - Try doing a search for that password and see what you find.

chaser7783

Update on the Yahoo compromise:
https://www.computerworld.com/s/article/9229136/Yahoo_fixes_password_pilfering_bug_explains_who_s_at_risk