(The Hosting News) – Users were left scrambling after an SQL injection apparently resulted in leaked usernames and passwords for Yahoo! Voices, a site that allows people to publish their articles in exchange for money.
According to a blog post from Sophos, the attack was confirmed by hacking group D33DS Company in a document. The usernames and passwords accounted for 454,491 people. The tactic used? A “Union-based SQL Injection,” according to the group.
The hackers surprisingly didn’t seem too aggressive when commenting on the leak. “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” read D33DS Company’s statement.
Nonetheless, usernames and passwords are now in the public domain, a sign that Yahoo! Voices members should probably rush to reset their login credentials now. Yahoo! has since acknowledged the issue. “We are currently investigating the claims of a compromise of Yahoo! user IDs,” commented the company, according to a report by the BBC.
“The most alarming part to the entire story was the fact that the passwords were stored completely unencrypted and the full 400,000+ usernames and passwords are now public,” commented a post from information security company Trusted Sec. Trusted Sec also said the leaked data pertained to email accounts used for the service on Yahoo!, Gmail and AOL.
Today’s news regarding a hack follows a previous one launched against social Q&A site Formspring. During that breach, hackers reportedly succeeded in leaking 420 password hashes.