How-To Geek
453,000 Yahoo Logins Compromised; Time for a Password Refresh
Almost half a million Yahoo user accounts were compromised in a recent exploit. If you’re a current Yahoo service user or have an old account with a shared password on it, now’s the time to change it. Read on to get a refresher on good password practices.
Ars Technica reports on the breech:
The dump, posted on a public website by a hacking collective known as D33Ds Company, said it penetrated the Yahoo subdomain using what’s known as a union-based SQL injection. The hacking technique preys on poorly secured web applications that don’t properly scrutinize text entered into search boxes and other user input fields. By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information.
To support their claim, the hackers posted what they said were the plaintext credentials for 453,492 Yahoo accounts, more than 2,700 database table or column names, and 298 MySQL variables, all of which they claim to have obtained in the exploit.
Because of the unfortunate frequency of personal and large-scale password compromises, we’ve got a handy guide to recovering after your email password is compromised.
If you’d like to search the released logins and see if your account was compromised, you can do so here.
Hackers expose 453,000 credentials allegedly taken from Yahoo service [Ars Technica]
Got Feedback? Join the discussion at discuss.howtogeek.com
Comments (10)
Jason Fitzpatrick is warranty-voiding DIYer and all around geek. When he's not documenting mods and hacks he's doing his best to make sure a generation of college students graduate knowing they should put their pants on one leg at a time and go on to greatness, just like Bruce Dickinson. You can follow him on Google+ if you'd like.
- Published 07/12/12
Thanks for the heads up. I changed my password this morning.
I was gonna say “people still use Yahoo?”, but every now and then I speak with people who still have AOL email addresses.
My wife still uses Yahoo. She says Gmail is confusing. I don’t blame her, Yahoo Mail is not bad. Yahoo itself is kinda “meh” but their email is alright in my book, and they have Flickr.
The site linked stipulated “Yahoo Voice”, not all of Yahoo. Should be mentioned here, IMO. I searched anyway and they didn’t have a record for her, so all’s well there.
I like yahoo mail soooo much better than gmail. honestly, I dont understand why anyone likes gmail, its horrible.
I have use both gmail and yahoo. No trouble with yahoo at all and i still have AOL from 7 years ago. I have had a little trouble with gmail not letting me log in but it is rare .. Like all 3 .
I solved the problem just this week by giving Yahoo the gate after something like twelve years with the same email address. I just got sick of the ten-thousand little annoyances that have come with their seemingly weekly attemps to “upgrade” the service–and the increase in spam since I made the mistake of (briefly) using that address to sign up for a Facebook account.
Thanks for the info.. Headed to yahoo now..
DO NOT follow the link to check your email address – this is a virus based link
unfortunately i checked my yahoo email address and already i have had several of my contact list message or ring me direct with words of displeasure…
shame on you PC Geek for not verifying this before publishing it – i’ve always trusted your services..
Maybe it’s hip to hate Yahoo Mail, I don’t know. It works and is easier to use than Gmail. You can also revert to its classic setting if you do not like the New look.
@Ian: ?? Nobody else mentioned a virus. I didn’t get one for sure. Probably something else on your end. HTG is fine.