How-To Geek

453,000 Yahoo Logins Compromised; Time for a Password Refresh

Note: This article is part of our archive and is likely out of date.
(Links may not work, downloads have not been recently tested for safety)

Almost half a million Yahoo user accounts were compromised in a recent exploit. If you’re a current Yahoo service user or have an old account with a shared password on it, now’s the time to change it. Read on to get a refresher on good password practices.

Ars Technica reports on the breech:

The dump, posted on a public website by a hacking collective known as D33Ds Company, said it penetrated the Yahoo subdomain using what’s known as a union-based SQL injection. The hacking technique preys on poorly secured web applications that don’t properly scrutinize text entered into search boxes and other user input fields. By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information.

To support their claim, the hackers posted what they said were the plaintext credentials for 453,492 Yahoo accounts, more than 2,700 database table or column names, and 298 MySQL variables, all of which they claim to have obtained in the exploit.

Because of the unfortunate frequency of personal and large-scale password compromises, we’ve got a handy guide to recovering after your email password is compromised.

If you’d like to search the released logins and see if your account was compromised, you can do so here.

Hackers expose 453,000 credentials allegedly taken from Yahoo service [Ars Technica]

Jason Fitzpatrick is a warranty-voiding DIYer who spends his days cracking opening cases and wrestling with code so you don't have to. If it can be modded, optimized, repurposed, or torn apart for fun he's interested (and probably already at the workbench taking it apart). You can follow him on if you'd like.

  • Published 07/12/12

Comments (10)

  1. LadyFitzgerald

    Thanks for the heads up. I changed my password this morning.

  2. Superevil

    I was gonna say “people still use Yahoo?”, but every now and then I speak with people who still have AOL email addresses.

  3. Dark Reality

    My wife still uses Yahoo. She says Gmail is confusing. I don’t blame her, Yahoo Mail is not bad. Yahoo itself is kinda “meh” but their email is alright in my book, and they have Flickr.

    The site linked stipulated “Yahoo Voice”, not all of Yahoo. Should be mentioned here, IMO. I searched anyway and they didn’t have a record for her, so all’s well there.

  4. keltari

    I like yahoo mail soooo much better than gmail. honestly, I dont understand why anyone likes gmail, its horrible.

  5. ron

    I have use both gmail and yahoo. No trouble with yahoo at all and i still have AOL from 7 years ago. I have had a little trouble with gmail not letting me log in but it is rare .. Like all 3 .

  6. Kevalin

    I solved the problem just this week by giving Yahoo the gate after something like twelve years with the same email address. I just got sick of the ten-thousand little annoyances that have come with their seemingly weekly attemps to “upgrade” the service–and the increase in spam since I made the mistake of (briefly) using that address to sign up for a Facebook account.

  7. antcient1one

    Thanks for the info.. Headed to yahoo now..

  8. Ian

    DO NOT follow the link to check your email address – this is a virus based link

    unfortunately i checked my yahoo email address and already i have had several of my contact list message or ring me direct with words of displeasure…

    shame on you PC Geek for not verifying this before publishing it – i’ve always trusted your services..

  9. max

    Maybe it’s hip to hate Yahoo Mail, I don’t know. It works and is easier to use than Gmail. You can also revert to its classic setting if you do not like the New look.

  10. spike

    @Ian: ?? Nobody else mentioned a virus. I didn’t get one for sure. Probably something else on your end. HTG is fine.

More Articles You Might Like

Enter Your Email Here to Get Access for Free:

Go check your email!