Mobile  |  About us  |  Photos  |  Videos  |  Subscriptions  |  RSS Feeds  |  Today's Paper  |  Classifieds  |  Contact Us
The Daily Star
THURSDAY, 24 APR 2014
04:02 AM Beirut time
Weather    
Beirut
18 °C
Blom Index
BLOM
1,214.01down
International
Follow this story Print RSS Feed ePaper share this
Yahoo confirms theft of 450,000 users' passwords
Associated Press
Yahoo Inc. offices, housing its Search Marketing Group, are pictured in Burbank, California, in this file picture taken October 14, 2010. (REUTERS/Fred Prouser/Files)
Yahoo Inc. offices, housing its Search Marketing Group, are pictured in Burbank, California, in this file picture taken October 14, 2010. (REUTERS/Fred Prouser/Files)
A+ A-

LONDON: Some 450,000 Yahoo users' email addresses and passwords have been leaked because of a security breach, the company confirmed Thursday, adding that just a small fraction of the stolen passwords were valid.

The company said in a statement that an "old file" from the Yahoo Contributor Network was compromised Wednesday. Among the stolen emails and passwords were many from Yahoo's own email service along with those of other companies. The Yahoo Contributor Network is a content-sharing platform.

Yahoo said it is fixing the vulnerability that led to the disclosure, changing the passwords of affected Yahoo users, and notifying other companies whose users' accounts may have been compromised.

"We apologize to all affected users," the company statement said.

Technology news websites including CNET, Ars Technica, and Mashable identified the hackers behind the attack as a little-known outfit calling itself the D33D Company. The group was quoted as saying it had stolen the unencrypted passwords using an SQL injection - the name given to a commonly used attack in which hackers use rogue commands to extract data from vulnerable websites.

"We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call," the group was quoted as saying.

Online security experts said Yahoo might have done more to protect the stored passwords, with Ohio-based TrustedSec describing the Internet giant's decision not to encrypt them as "most alarming."

Nevertheless, the haul does not appear as useful to hackers as they might have thought. Yahoo cautioned that only 5 percent of passwords associated with its account holders were valid.

It was not immediately possible to contact the Ukraine-registered website associated with D33D Company. Its contact form was inoperable Thursday, while an email address and a phone number attributed to the site's registrant appeared to be invalid.

 
Home International
 
     
 
United Kingdom
Advertisement
Comments  

Your feedback is important to us!

We invite all our readers to share with us their views and comments about this article.

Disclaimer: Comments submitted by third parties on this site are the sole responsibility of the individual(s) whose content is submitted. The Daily Star accepts no responsibility for the content of comment(s), including, without limitation, any error, omission or inaccuracy therein. Please note that your email address will NOT appear on the site.

comments powered by Disqus
Advertisement


Baabda 2014
Advertisement
Follow us on Facebook Follow us on Twitter Follow us on Linked In Follow us on Google+ Subscribe to our Live Feed
Multimedia
Images  
Pictures of the day
A selection of images from around the world- Wednesday, April 23, 2014
View all view all
Advertisement
Rami G. Khouri
Rami G. Khouri
Israel shows Zionism’s true colors
Michael Young
Michael Young
For Christians, blessed are the dividers
David Ignatius
David Ignatius
An Iran deal is close, but we’re not there yet
View all view all
Advertisement
cartoon
 
Click to View Articles
 
 
News
Business
Opinion
Sports
Culture
Technology
Entertainment
Privacy Policy | Anti-Spamming Policy | Disclaimer | Copyright Notice
© 2014 The Daily Star - All Rights Reserved - Designed and Developed By IDS