Jump to content

2012 Yahoo! Voices hack

From Wikipedia, the free encyclopedia
2012 Yahoo! Voices hack
DateJuly 12, 2012 (2012-07-12)
CauseHack
SuspectsD33ds

Yahoo! Voices, formerly Associated Content, was hacked in July 2012. The hack is supposed to have leaked approximately half a million email addresses and passwords associated with Yahoo! Contributor Network.[1] The suspected hacker group, D33ds, used a method of SQL Injection to penetrate Yahoo! Voice servers. Security experts said that the passwords were not encrypted and the website did not use a HTTPS Protocol, which was one of the major reasons of the data breach.[2] The email addresses and passwords are still available to download in a plaintext file on the hacker's website. The hacker group described the hack as a "wake-up call" for Yahoo! security experts.[3] Joseph Bonneau, a security researcher and a former product analysis manager at Yahoo, said "Yahoo can fairly be criticized in this case for not integrating the Associated Content accounts more quickly into the general Yahoo login system, for which I can tell you that password protection is much stronger."[4]

Reaction by communities and users

[edit]

D33DS, the suspected hacker group, said that the hack was a "wake-up call". They said that it was not a threat to Yahoo!, Inc. The IT Security firm TrustedSec.net said that the passwords contained a number of email addresses from Gmail, AOL, Yahoo, and more such websites. [5]

Response from Yahoo

[edit]

Immediately after the hack, Yahoo!, in a written statement, apologized for the breach. Yahoo! did not disclose how many passwords were valid after the hack, because they said that every minute, 1–3 passwords are changed on their site.[6] Yahoo! said that only 5% of its passwords were stolen during the hack.[7] The hackers' website, d33ds.co, was not available later on Thursday, after the hack.[8] Yahoo! said in a written statement that it takes security very seriously and is working together to fix the vulnerability in its site. Yahoo! said that it was in the process of changing the passwords of the hacked accounts and notifying other companies of the hack.[4] [9]

Controversy

[edit]

A simple matter had sparked a controversy over Yahoo!. The controversy was sparked because of Yahoo!'s silence about the data breach. After the servers were hacked, Yahoo! did not mail the affected victims, although it was promised earlier. There was no site-wide notifications about the hack, nor did any victim get any type of personal messages detailing how to reset their account passwords from Yahoo.[10]

References

[edit]
  1. ^ "Yahoo hack steals 400,000 passwords. Is yours on the list?". Christian Science Monitor. Retrieved July 29, 2012.
  2. ^ "Yahoo! Voice fails security 101 as 443,000 passwords are exposed". CNNMoney.com. July 12, 2012. Retrieved July 29, 2012.
  3. ^ The Yahoo! Hack: How to find if you're affected? Publisher: Tapscape.com
  4. ^ a b "Yahoo! fails security 101 as 443,000 passwords are leaked". CNN Money. July 12, 2012. Retrieved July 29, 2012.
  5. ^ "Yahoo Password hack 2012:Breach details". LatinsPost. Retrieved July 29, 2012.
  6. ^ Smith, Catharine (July 12, 2012). "Yahoo! Voice hack puts Gmail, AOL, Lycos into trouble". Huffingtonpost.com. Retrieved July 29, 2012.
  7. ^ "Yahoo hacks leaks 4.5 lakhs of passwords". Business Today. Retrieved July 29, 2012.
  8. ^ "Yahoo! Voice hacked: 4.5 lakh passwords in the net". IBNLive.com. Archived from the original on July 15, 2012. Retrieved July 29, 2012.
  9. ^ "Yahoo Voices is latest to be hacked with 450,000 accounts stolen". Webpronews.com. Retrieved July 29, 2012.
  10. ^ "Yahoo! fails to notify 453k+ of affected victims". Niuzer.com. Archived from the original on 4 March 2016. Retrieved 29 July 2012.
[edit]