Yesterday Formspring , today Yahoo! Voices.
Click to enlarge
Half a million Yahoo! Voices user details have been leaked online, reports indicate.
A hacker group called ‘D33DS Co’, leaked 453,491 unencrypted email addresses and passwords online after compromising Yahoo’s internal security systems.
Yahoo! Voices is a self publishing service allows members post articles, videos to online forums.
Gmail, Microsoft, Yahoo and other user email passwords were also leaked, says security guru TrustedSec.
“The passwords contained a wide variety of email addresses including those from yahoo.com, gmail.com, aol.com, and much more.”
The hackers say they did it as a “wake up call and not as a threat” to Yahoo! In an attempt to expose vulnerabilities in its security systems.
D33DS Co’ claims it used a “Union-based SQL Injection” to lift the data and leaked the personal info in a document marked “Owned and Exposed”.
Yahoo! said they are investigating the incident and are fixing the vulnerability that caused the leak.
It also said it was changing user passwords and notifying companies affected.
But Yahoo also insisted that under 5% of the exposed Voices accounts had passwords that were still valid.
“If you use Yahoo Voices, you should probably change your password now.,” writes Sophos Labs security expert Anna Brading.
But its still w worrying development and there are “questions which need to be answered – such as how were the hackers able to gain access to the information, and what measures was the site taking to ensure that even if its databases were breached, the passwords would not be easy to convert into plain text,” Brading believes.
This is just hte latest in a string of hacking incidents of late, with dating site eHarmony, Twitter, LinkedIn and Formspring just some of the major Internet players who have suffered similar attacks.