[Noisebridge-discuss] yahoo hacked - plain text passwords!!!!!
Jake
jake at spaz.org
Thu Jul 12 20:42:18 UTC 2012
i was wondering why i kept getting so much yahoo spam, from people i used
to know.
http://news.cnet.com/8301-1009_3-57471178-83/yahoos-password-leak-what-you-need-to-know-faq/
A hacker collective calling itself D33Ds Co. publicly posted more than
450,000 login credentials -- i.e., paired usernames and passwords --
obtained from Yahoo's "Contributor Network" site. In that data dump, the
hackers described their attack as a "union-based SQL injection," which is
effectively a way of tricking the database on a poorly secured site into
divulging private information.
Which, in this case, yielded a treasure trove of usernames and passwords,
apparently all stored in plain text -- itself a fairly significant
security failure on Yahoo's part. Passwords are usually cryptographically
masked in a process called "hashing" to prevent exactly this sort of mass
disclosure.
More information about the Noisebridge-discuss
mailing list