We're a bit slow on the uptake given SANSFIRE, but as you are likely well aware, a SQL injection vulnerability was leveraged to gain access to the Yahoo Voice service which was utilized by attackers to acquire then post login credentials for more than 453,000 user accounts that they said they retrieved in plaintext. You can download and review the account list for account that may impact you or your organizations here: http://74.208.161.170:81/yahoo-disclosure.tar.gz
Related stories:
Password analysis of the account list proved what we've all come to expect. "The top five passwords in the stolen batch were "123456," "password," "welcome," "ninja" and "abc123," said David Harley, senior research fellow at security firm ESET."
Ninja = great skill set, bad password. :-)
|
Russ McRee 198 Posts ISC Handler Jul 13th 2012 |
Thread locked Subscribe |
Jul 13th 2012 8 years ago |
So at this point is anyone advising people to change passwords on their Yahoo accounts?
|
Anonymous |
Quote |
Jul 13th 2012 8 years ago |
Mike, I tend to operate on the premise that a password change under these circumstances goes without saying, but as per advising to do so, without a doubt users should.
|
Russ McRee 198 Posts ISC Handler |
Quote |
Jul 14th 2012 8 years ago |
Sign Up for Free or Log In to start participating in the conversation!