Do you use Yahoo Voice? If so, go change your password immediately. Hackers collectively known as D33Ds Company are taking credit for an SQL injection attack on a Yahoo subdomain believed to belong to Yahoo Voice. The hackers posted a document containing 453,492 plaintext Yahoo user accounts and passwords. The original website where the stolen information was posted appears to be down for the moment, but there are no do-overs on the Internet, and all that sensitive data is currently floating around torrent sites and other portals.
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the D33Ds group stated in its data dump, according to Arstechnica. "There have been many security holes exploited in web servers belonging to Yahoo Inc. that have caused far greater damage than our disclosure."
D33Ds Company said it was withholding information about the subdomain "to avoid further damage," though TrustedSec did a little digging and found a dbb1.ac.bf1.yahoo.com string in the data dump, which points back to Yahoo's Voice service. Yahoo has yet to issue a statement on the security breach.
Image Credit: Flickr (Yodel Anecdotal)
Follow Paul on Google+, Twitter, and Facebook
