Connect to share and comment

Yahoo investigating password breach of 450,000 users

Yahoo confirmed that it was investigating a password breach that might have exposed over 450,000 user IDs.

yahoo password breach july 12 2012Enlarge
Yahoo confirmed on July 12, 2012, that it was investigating a security breach that may have exposed the passwords of over 400,000 user IDs. (Justin Sullivan/AFP/Getty Images)

Yahoo confirmed on Thursday that it was investigating a breach of its system which may have exposed the usernames and passwords of up to 450,000 users, according to the BBC.

The attack probably originated from servers connected to Yahoo Voices, according to US security firm Trustedsec. The hacking group D33DS claimed credit for the attack, according to the BBC.

The Associated Press cited tech news sites CNET, Ars Technica and Mashable with the information that over 453,000 login credentials from a Yahoo subdomain were posted on the D33D Company's website.

The group said they used an SQL injection, "a commonly-used attack in which hackers use rogue commands to extract data from vulnerable websites," to steal the information, according to the AP.

More on GlobalPost: British National Archives release government's UFO files

The group reportedly said, "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call."

In a statement, Yahoo said, "We confirm that an older file from Yahoo Contributor Network... containing approximately 450,000 Yahoo and other company users' names and passwords was compromised yesterday," according to the BBC. It added that only 5 percent of the accounts had valid passwords, and that it was taking immediate action to fix the vulnerability.

The New York Times noted that the usernames and passwords appeared to be for not only Yahoo, but also Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, BellSouth and users.

More on GlobalPost: Wells Fargo to pay $175M in mortgage discrimination settlement