Yahoo! (YHOO) Slumps as Over 400,000 Login Credentials Said to Be Hacked
Tweet Send to a FriendGet Alerts GOOG Hot Sheet
Trade GOOG Now!
If you're like most Americans, you enjoy the warm comfort from knowing your account login credentials are safe, whether it be for Google (Nasdaq: GOOG), Facebook (Nasdaq: FB), JPMorgan Chase (NYSE: JPM), Yahoo! (Nasdaq: YHOO)...
Er, about that last one.
According to reports out Thursday, about 453,000 login credentials were posted for hackers in plaintext format.
The "dump" was posted to a hacking site via the hacking collective known as D33Ds Company. D33Ds said it "penetrated the Yahoo subdomain using what's known as a union-based SQL injection." Ars Technica, a website which reports on this sort of thing, said the technique "preys on poorly secured web applications that don't properly scrutinize text entered into search boxes and other user input fields. By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information."
Evidently, Yahoo! was storing the information unencrypted.
No ill intent was made though, with D33Ds simply saying it hoped the exposure would be a "wake-up call" to the parties responsible for managing the data.
Shares of Yahoo! are lower in early trading.
Join StreetInsider.com FREE and get immediately alerted when news breaks on your stocks and other market items - JOIN NOW
*NEW - Download StreetInsider's FREE iPhone and iPad App - Click Here
Er, about that last one.
According to reports out Thursday, about 453,000 login credentials were posted for hackers in plaintext format.
The "dump" was posted to a hacking site via the hacking collective known as D33Ds Company. D33Ds said it "penetrated the Yahoo subdomain using what's known as a union-based SQL injection." Ars Technica, a website which reports on this sort of thing, said the technique "preys on poorly secured web applications that don't properly scrutinize text entered into search boxes and other user input fields. By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information."
Evidently, Yahoo! was storing the information unencrypted.
No ill intent was made though, with D33Ds simply saying it hoped the exposure would be a "wake-up call" to the parties responsible for managing the data.
Shares of Yahoo! are lower in early trading.
Join StreetInsider.com FREE and get immediately alerted when news breaks on your stocks and other market items - JOIN NOW
*NEW - Download StreetInsider's FREE iPhone and iPad App - Click Here
You May Also Be Interested In
- Despite Outside Interest, Tumblr and Yahoo! (YHOO) Are in Lockup (MSFT) (FB)
- Yahoo (YHOO) Partners to Add Twitter to Yahoo! Newsfeed
- Cross-Border Ops Make Kansas City Southern (KSU) Ripe for Takeover
Create E-mail Alert Related Categories
Insiders' BlogRelated Entities
JPMorgan
Login with Facebook
Sign up for StreetInsider Free!
Receive full access to all new and archived articles, unlimited portfolio tracking, e-mail alerts, custom newswires and RSS feeds - and more!
