The search giant will need to strengthen security after the recent attack exposed how vulnerable their databases are. (Photo : REUTERS/Mario Anzuoni)
A recent online security breach has revealed almost 450,000 email addresses and passwords of users associated "Yahoo! Voices." The internet theft only adds to Yahoo's growing woes and elicits the growing need for online security.
Here is what IT security firm TrustedSec had to say on the matter.
"Few details are known at this point however, a recent post over 400,000 plus accounts that have clear text passwords were posted online. The passwords contained a wide variety of email addresses including those from yahoo.com, gmail.com, aol.com, and much more. The affected website was only named as a subdomain of yahoo.com however digging through and searching for the hostname, the attacker forgot to remove the hostname "dbb1.ac.bf1.yahoo.com" (credit to Mubix for the hostname find). Looking through a variety of sources, it appears that the compromised server was likely "Yahoo! Voices" which was formally known as Associated Content (credit to Adam Caudill for the linkage)."
The worst part is that the information was not encrypted, and immediately intelligible. Hacker group D33D which carried out the attack posted the email addresses and their corresponding passwords online for viewing here. Website Dazzlepod has created a search feature where you can simply type in your email address and see if it is on the revealing list.
The attack was a simple SQL injection, an incredibly basic tool in the hacker's toolkit and one that a worldwide tech giant like Yahoo should be able to fend off.
"Yahoo failed fatally here," said Anders Nilsson, security expert and chief technology officer of Scandinavian security company Eurosecure. "It's not just one specific thing that Yahoo mishandled -- there are many different things that went wrong here. This never should have happened."
Nilsson believes that Yahoo should have set alarms in place, had the information in place, and of course, built the website so it isn't susceptible to a simple SQL injection.
The most widely used password was "123456" and then "password". In the end, let's hope that Yahoo beefs up its security, and that people start getting a little more creative with their passwords.