Unidentified Yahoo service database compromised
chaser7783
Member Posts: 154
in Off-Topic
Sad big companies still store this kind of info in plaintext.
Link: Hackers expose 453,000 credentials allegedly taken from Yahoo service | Ars Technica
Comments
-
RobertKaucher Member Posts: 4,299 ■■■■■■■■■■
What year is this? 2001?
When your Dr. says that a high salt diet is unhealthy he does not mean for your passwords and that's not the kind of injection that cures diseases either... Unsalted passwords and unparameterized SQL...
COME ON DEVELOPERS! WTH? -
chaser7783 Member Posts: 154
What bothers me so far is the action they have taken after the fact:
"There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."
Security through obscurity at its best. -
RobertKaucher Member Posts: 4,299 ■■■■■■■■■■
The article actually did not mention anything done by Yahoo as an attempt to correct the issue. That was a comment from the Hackers as to why they did not release more details. It is about as upstanding as you can get in their world.
-
mattlee09 Member Posts: 205
I wonder how many potential CEO applicants just reconsidered (as if the decision wasn't hard enough before). RUN FOR THE HILLS!
-
demonfurbie Member Posts: 1,819 ■■■■■□□□□□
wgu undergrad: done ... woot!!
WGU MS IT Management: done ... double woot :cheers: -
YFZblu Member Posts: 1,462 ■■■■■■■■□□
Wow, plaintext - Simply amazing. I wonder how much of that information also doubles as people's Facebook login credentials. SMH.
-
chrisone Member Posts: 2,278 ■■■■■■■■■□
good mine isn't in there lol
i changed it anyway as soon as i read what happened.
Certs: CISSP, EnCE, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, SPLK-1002, SC-200, SC-300, AZ-900, AZ-500, VHL:Advanced+
2023 Cert Goals: SC-100, eCPTX -
madisonmiller Banned Posts: 7 ■□□□□□□□□□
"The hacking technique preys on poorly secured Web applications that don't properly scrutinize text entered into search boxes and other user input fields. By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information."
-
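The two failures discussed above (user input spliced into SQL, and passwords stored without salting or hashing) next to their fixes, as an added example that is not part of any post in this thread. The table layout, function names and sample accounts are constructed for illustration, and PBKDF2 is one reasonable choice of password hash, not something the article names.

```python
import hashlib
import hmac
import os
import sqlite3

def hash_password(password, salt=None):
    # A random per-user salt plus a slow KDF replaces plaintext storage.
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 600_000)
    return salt, digest

def verify_password(password, salt, digest):
    # Recompute with the stored salt and compare in constant time.
    return hmac.compare_digest(hash_password(password, salt)[1], digest)

def make_db():
    # Constructed sample data: two accounts sharing one weak password.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (email TEXT PRIMARY KEY, salt BLOB, pw BLOB)")
    for email, pw in [("alice@example.com", "happyday"),
                      ("bob@example.com", "happyday")]:
        db.execute("INSERT INTO users VALUES (?, ?, ?)",
                   (email, *hash_password(pw)))
    return db

def lookup_unparameterized(db, email):
    # Input becomes part of the SQL text, so a quote in it rewrites the query.
    sql = "SELECT email FROM users WHERE email = '" + email + "'"
    return db.execute(sql).fetchall()

def lookup_parameterized(db, email):
    # Input is bound as a value; the SQL text is fixed before input arrives.
    return db.execute("SELECT email FROM users WHERE email = ?",
                      (email,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    hostile = "x' OR '1'='1"  # constructed input containing a quote
    print("unparameterized:", lookup_unparameterized(db, hostile))
    print("parameterized:  ", lookup_parameterized(db, hostile))
    (s1, d1), (s2, d2) = db.execute("SELECT salt, pw FROM users").fetchall()
    print("same password, same stored value?", d1 == d2)
```

Because each account gets its own salt, the two identical passwords produce different stored digests, so a dump of the table does not reveal which users share a password.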
Sett Member Posts: 187
This is huge huge... Some of these passwords are hilarious. And I am sure a big portion of them are being reused.
Good I've never used any yahoo service, but it doesn't mean that the other big sites out there are safe.
Non-native English speaker -
Devilry Member Posts: 668
It always startles me how these huge companies can be so behind the times. I do understand and know why, it's because it takes SO much bureaucratic nonsense just to get an RFC done. Bet the guy who had that request in his possession and ignores it for... a decade? feels stupid now. Not to mention techs who are overwhelmed with loads of work and cannot even think about improvements.
-
SteveLord Member Posts: 1,717
This is huge huge... Some of these passwords are hilarious. And I am sure a big portion of them are being reused.
Good I've never used any yahoo service, but it doesn't mean that the other big sites out there are safe.
Over 350 used a variant of the infamous "password" or "iloveyou"
WGU B.S.IT - 9/1/2015 >>> ??? -
Roguetadhg Member Posts: 2,489 ■■■■■■■■□□
There's not a doubt in my mind that a lot of these passwords are linked to other areas.
There's a few people with good ideas for passwords though.
In order to succeed, your desire for success should be greater than your fear of failure.
TE Threads: How to study for the CCENT/CCNA, Introduction to Cisco Exams -
petedude Member Posts: 1,510
I wonder how much of that information also doubles as people's Facebook login credentials.
What hackers are undoubtedly hoping for. Good thing I don't use Yahoo anything much anymore.
Even if you're on the right track, you'll get run over if you just sit there.
--Will Rogers -
RobertKaucher Member Posts: 4,299 ■■■■■■■■■■
My Yahoo account was not in there...
My favorite password so far is mypassword or maybe happyday. -
rsutton Member Posts: 1,029 ■■■■■□□□□□
I almost feel sorry for Yahoo's new(ish) CEO, this will not help the doubts that consumers are having...
-
chaser7783 Member Posts: 154
Looks like Nvidia was hit also, but at least they hashed passwords:
NVIDIA -
humdingy02 Member Posts: 35 ■■□□□□□□□□
Interesting thread. It's good to see that I'm not the only one who searched for himself, then browsed some of the password choices. Lots of easy ones, lots of complex ones - looks like none of them were secure in the end though.
WGU - BS, IT Security (starting Feb 1st, 2012)
Remaining: LUT1,QBT1,DFV1,BOV1,HHT1,QLT1,RIT1,IWC1,IWT1,DJV1,KET1,TPV1,MGC1,CVV1,CJV1,KFT1,CNV1,SBT1,RGT1
Completed: WFV1,CLC1,INT1,CUV1,CQV1,BNC1,GAC1
Transferred: AGC1,BBC1,LAE1,AXV1,CPV1,INC1,CSV1,COV1,CTV1,DHV1,BVC1 -
Jinverar Member Posts: 95 ■■■□□□□□□□
It's definitely more user names and passwords than just yahoo. I see Gmail, Hotmail, and Shaw.ca. I have to add the following to the top 10.
oolala - Try doing a search for that password and see what you find.
Jinverar, TSS -
chaser7783 Member Posts: 154
Update on the Yahoo compromise:
https://www.computerworld.com/s/article/9229136/Yahoo_fixes_password_pilfering_bug_explains_who_s_at_risk