
Yahoo confirms vulnerability fixed


The most worrisome bit there was that the stored passwords were completely unencrypted.

New Delhi: Yahoo has confirmed that the data comprising 4,00,000+ email addresses and passwords that was leaked online in plain text had been sourced from its servers. In an official post on its ycorpblog, Yahoo now asserts that it has taken "swift action" and fixed the vulnerability.

In the post, Yahoo also says that it has put in place additional security measures for users who were affected by the data breach. It goes on to add that it has "enhanced" its security controls and is currently informing those users affected by the data breach. In the blog post, Yahoo! gives an assurance that it will take significant measures to protect its users and their data.

The company further adds in its post, "If you joined Associated Content prior to May 2010 using your Yahoo email address, please log in to your Yahoo account where you may be prompted to answer a series of authentication questions to change and validate your credentials."

One of our previous articles, detailing the data breach, quoted Yahoo! as revealing that, "older file from Yahoo Contributor Network (previously Associated Content) containing approximately 4,00,000 Yahoo and other company users names and passwords was stolen yesterday, July 11." Yahoo went on to confirm that of the entire lot of e-mail IDs and passwords compromised, less than five percent of the Yahoo! accounts had valid passwords.

The company has given an assurance in the note that it is fixing the loophole that led to the breach, while also changing the passwords of the affected accounts. It is also informing companies whose user accounts may have been affected by the breach. Yahoo has also advised its users to change their passwords regularly, and to make themselves aware of the online safety tips at security.yahoo.com.

Hackers belonging to a collective called D33Ds Company recently managed to retrieve and subsequently dump the login details of more than 4,00,000 user accounts in plain text.

The most worrisome bit there was that the stored passwords were completely unencrypted. It has been brought to light that the hackers used a union-based SQL injection attack to extract the information stored in the database.


First published: July 15, 2012, 11:39 IST