Yahoo! confirms vulnerability fixed

Yesterday, Yahoo! confirmed that the 400,000+ email addresses and passwords leaked online in plain text had been taken from its servers. In an official post on its ycorpblog, Yahoo! now asserts that it has taken "swift action" and fixed the vulnerability. In the post, Yahoo! also says that it has put in place additional security measures for users who were affected by the data breach. It goes on to add that it has "enhanced" its security controls and is currently informing those users affected by the data breach. In the blog post, Yahoo! gives an assurance that it will take significant measures to protect its users and their data.





The company further adds in its post, "If you joined Associated Content prior to May 2010 using your Yahoo! email address, please log in to your Yahoo! account where you may be prompted to answer a series of authentication questions to change and validate your credentials."

One of our previous articles detailing the data breach quoted Yahoo! as revealing that, "older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11." Yahoo! went on to confirm that, of the entire lot of e-mail IDs and passwords compromised, less than five percent of the Yahoo! accounts had valid passwords. The company has assured in the note that it is fixing the loophole that led to the breach, while also changing the passwords of the affected accounts. It is also informing companies whose user accounts may have been affected by the breach. Yahoo! has also advised its users to change their passwords regularly and to make themselves aware of the online safety tips at security.yahoo.com.

Hackers belonging to a collective called D33Ds Company recently managed to retrieve and subsequently dump the login details of more than 400,000 user accounts in plain text. The most worrying part was that the stored passwords were completely unencrypted. It has come to light that the hackers used a union-based SQL injection attack to extract the information stored in the database. A note at the end of the dump reads, "We hope that the parties responsible for managing the security of this sub-domain will take this as a wake-up call and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The sub-domain and vulnerable parameters have not been posted to avoid further damage."
 