453,000 Yahoo Logins Compromised; Time for a Password Refresh

Note: This article is part of our archive and is likely out of date.
(Links may not work, downloads have not been recently tested for safety)

Almost half a million Yahoo user accounts were compromised in a recent exploit. If you’re a current Yahoo service user or have an old account with a shared password on it, now’s the time to change it. Read on to get a refresher on good password practices.

Ars Technica reports on the breach:

The dump, posted on a public website by a hacking collective known as D33Ds Company, said it penetrated the Yahoo subdomain using what’s known as a union-based SQL injection. The hacking technique preys on poorly secured web applications that don’t properly scrutinize text entered into search boxes and other user input fields. By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information.

To support their claim, the hackers posted what they said were the plaintext credentials for 453,492 Yahoo accounts, more than 2,700 database table or column names, and 298 MySQL variables, all of which they claim to have obtained in the exploit.
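The weakness described in the report, shown as an added example that is not code from this article, Ars Technica, or Yahoo: a search query built by string concatenation beside the same query with a bound parameter. It assumes Python's built-in sqlite3 as a stand-in for the MySQL back end, and every table name, address and password below is constructed.

```python
import sqlite3

def make_db():
    """Build a constructed in-memory database: one public table, one credentials table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (title TEXT, author TEXT);
        CREATE TABLE users (email TEXT, password TEXT);
        INSERT INTO articles VALUES ('Password basics', 'staff');
        INSERT INTO users VALUES ('alice@example.com', 'constructed-sample-1');
        INSERT INTO users VALUES ('bob@example.com', 'constructed-sample-2');
    """)
    return db

def search_vulnerable(db, term):
    # Weak: user text is pasted into the statement, so the database parses it as SQL.
    sql = "SELECT title, author FROM articles WHERE title LIKE '%" + term + "%'"
    return db.execute(sql).fetchall()

def search_parameterized(db, term):
    # Hardened: the statement text is fixed; the driver binds the term as data only.
    sql = "SELECT title, author FROM articles WHERE title LIKE ?"
    return db.execute(sql, ("%" + term + "%",)).fetchall()

# Constructed search-box input that appends a second SELECT with UNION.
UNION_INPUT = "zzz' UNION SELECT email, password FROM users --"

def compare(term):
    """Run the same search term through both query styles on a fresh database."""
    db = make_db()
    return search_vulnerable(db, term), search_parameterized(db, term)

if __name__ == "__main__":
    for term in ("Password", UNION_INPUT):
        concatenated, bound = compare(term)
        print(repr(term))
        print("  concatenated :", concatenated)
        print("  parameterized:", bound)
```

With the bound parameter the UNION text is only ever compared against article titles, so the search returns no rows instead of the contents of the credentials table.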

Because of the unfortunate frequency of personal and large-scale password compromises, we’ve got a handy guide to recovering after your email password is compromised.

If you’d like to search the released logins and see if your account was compromised, you can do so here.

Hackers expose 453,000 credentials allegedly taken from Yahoo service [Ars Technica]

Jason Fitzpatrick is a warranty-voiding DIYer who spends his days cracking open cases and wrestling with code so you don't have to. If it can be modded, optimized, repurposed, or torn apart for fun he's interested (and probably already at the workbench taking it apart). You can follow him on if you'd like.

  • Published 07/12/12