Few details are known at this point; however, a recent post put more than 400,000 accounts with clear-text passwords online. The accounts included a wide variety of email addresses, including those from yahoo.com, gmail.com, aol.com, and many more. The affected website was named only as a subdomain of yahoo.com; however, digging through the post and searching for the hostname shows that the attacker forgot to remove the hostname “dbb1.ac.bf1.yahoo.com” (credit to Mubix for the hostname find). Looking through a variety of sources, it appears that the compromised server was likely “Yahoo! Voices”, which was formerly known as Associated Content (credit to Adam Caudill for the linkage).
The most alarming part of the entire story is that the passwords were stored completely unencrypted, and the full 400,000+ usernames and passwords are now public. The method of compromise was apparently a SQL injection attack used to extract the sensitive information from the database.
Below is a small snippet of what the passwords looked like from the leaked document (email addresses redacted):
If you are concerned about your password, the full list of all of the compromised usernames and passwords is at the link below. Note that the file size is large and it will take quite a long time to load.
Users of Yahoo are advised to change their passwords IMMEDIATELY. Also beware if you have used the same password on other websites.
UPDATE 1: Note: fixed the title and body to reflect “Yahoo! Voices”, not “Voice”. They are two separate applications.
UPDATE 2: Yahoo! has confirmed the breach and is resetting the passwords for the users.
Author: David Kennedy