2012 Yahoo! Voices hack

Last updated
2012 Yahoo! Voices hack
DateJuly 12, 2012 (2012-07-12)
Cause Hack
SuspectsD33ds

Yahoo! Voices, formerly Associated Content, was hacked in July 2012. The hack is supposed to have leaked approximately half a million email addresses and passwords associated with Yahoo! Contributor Network. [1] The suspected hacker group, D33ds, used a method of SQL Injection to penetrate Yahoo! Voice servers. Security experts said that the passwords were not encrypted and the website did not use a HTTPS Protocol, which was one of the major reasons of the data breach. [2] The email addresses and passwords are still available to download in a plaintext file on the hacker's website. The hacker group described the hack as a "wake-up call" for Yahoo! security experts. [3] Joseph Bonneau, a security researcher and a former product analysis manager at Yahoo, said "Yahoo can fairly be criticized in this case for not integrating the Associated Content accounts more quickly into the general Yahoo login system, for which I can tell you that password protection is much stronger." [4]

Contents

Reaction by communities and users

D33DS, the suspected hacker group, said that the hack was a "wake-up call". They said that it was not a threat to Yahoo!, Inc. The IT Security firm TrustedSec.net said that the passwords contained a number of email addresses from Gmail, AOL, Yahoo, and more such websites. [5]

Response from Yahoo

Immediately after the hack, Yahoo!, in a written statement, apologized for the breach. Yahoo! did not disclose how many passwords were valid after the hack, because they said that every minute, 1–3 passwords are changed on their site. [6] Yahoo! said that only 5% of its passwords were stolen during the hack. [7] The hackers' website, d33ds.co, was not available later on Thursday, after the hack. [8] Yahoo! said in a written statement that it takes security very seriously and is working together to fix the vulnerability in its site. Yahoo! said that it was in the process of changing the passwords of the hacked accounts and notifying other companies of the hack. [4] [9]

Controversy

A simple matter had sparked a controversy over Yahoo!. The controversy was sparked because of Yahoo!'s silence about the data breach. After the servers were hacked, Yahoo! did not mail the affected victims, although it was promised earlier. There was no site-wide notifications about the hack, nor did any victim get any type of personal messages detailing how to reset their account passwords from Yahoo. [10]

Related Research Articles

<span class="mw-page-title-main">Phishing</span> Form of social engineering

Phishing is a form of social engineering and a scam where attackers deceive people into revealing sensitive information or installing malware such as viruses, worms, adware, or ransomware. Phishing attacks have become increasingly sophisticated and often transparently mirror the site being targeted, allowing the attacker to observe everything while the victim navigates the site, and transverses any additional security boundaries with the victim. As of 2020, it is the most common type of cybercrime, with the FBI's Internet Crime Complaint Center reporting more incidents of phishing than any other type of computer crime.

<span class="mw-page-title-main">Yahoo! Mail</span> American email service

Yahoo! Mail is an email service offered by the American company Yahoo, Inc. The service is free for personal use, with an optional monthly fee for additional features. Business email was previously available with the Yahoo! Small Business brand, before it transitioned to Verizon Small Business Essentials in early 2022. Launched on October 8, 1997, as of January 2020, Yahoo! Mail has 225 million users.

The following tables compare general and technical information for a number of notable webmail providers who offer a web interface in English.

Yahoo Voice was a Voice over Internet Protocol (VoIP), PC-PC, PC-Phone and Phone-to-PC telecommunications service. It was provided by Yahoo via its Yahoo Messenger instant messaging application.

LastPass is a password manager application. The standard version of LastPass comes with a web interface, but also includes plugins for various web browsers and apps for many smartphones. It also includes support for bookmarklets.

RockYou was a company that developed widgets for MySpace and implemented applications for various social networks and Facebook. Since 2014, it has engaged primarily in the purchases of rights to classic video games; it incorporates in-game ads and re-distributes the games.

EmailTray is a lightweight email client for the Microsoft Windows operating system. EmailTray was developed by Internet Promotion Agency S.A., a software development d.

The 2012 LinkedIn hack refers to the computer hacking of LinkedIn on June 5, 2012. Passwords for nearly 6.5 million user accounts were stolen. Yevgeniy Nikulin was convicted of the crime and sentenced to 88 months in prison.

Marcel Lehel Lazăr, known as Guccifer, is a Romanian hacker responsible for high-level computer security breaches in the U.S. and Romania. Lazăr targeted celebrities, Romanian and U.S. government officials, and other prominent persons.

In July 2015, an unknown person or group calling itself "The Impact Team" announced they had stolen the user data of Ashley Madison, a commercial website billed as enabling extramarital affairs. The hacker(s) copied personal information about the site's user base and threatened to release users' names and personal identifying information if Ashley Madison would not immediately shut down. As evidence of the seriousness of the threat, the personal information of more than 2,500 users was initially released. The company initially denied that its records were insecure, but it continued to operate.

<span class="mw-page-title-main">Have I Been Pwned?</span> Consumer security website and email alert system

Have I Been Pwned? is a website that allows Internet users to check whether their personal data has been compromised by data breaches. The service collects and analyzes hundreds of database dumps and pastes containing information about billions of leaked accounts, and allows users to search for their own information by entering their username or email address. Users can also sign up to be notified if their email address appears in future dumps. The site has been widely touted as a valuable resource for Internet users wishing to protect their own security and privacy. Have I Been Pwned? was created by security expert Troy Hunt on 4 December 2013.

Alex Holden is the owner of Hold Security, a computer security firm. As of 2015, the firm employs 16 people.

Credential stuffing is a type of cyberattack in which the attacker collects stolen account credentials, typically consisting of lists of usernames or email addresses and the corresponding passwords, and then uses the credentials to gain unauthorized access to user accounts on other systems through large-scale automated login requests directed against a web application. Unlike credential cracking, credential stuffing attacks do not attempt to use brute force or guess any passwords – the attacker simply automates the logins for a large number of previously discovered credential pairs using standard web automation tools such as Selenium, cURL, PhantomJS or tools designed specifically for these types of attacks, such as Sentry MBA, SNIPR, STORM, Blackbullet and Openbullet.

In 2013 and 2014, the American web services company Yahoo was subjected to two of the largest data breaches on record. Although Yahoo was aware, neither breach was revealed publicly until September 2016.

Yandex Mail is a Russian free email service developed by Yandex. It was launched on 26 June 2000, and is one of the three largest email services in Runet. The service uses automatic spam filtering, checks for viruses using antivirus software from Dr.Web, and an email translator.

ShinyHunters is a black-hat criminal hacker group that is believed to have formed in 2020 and is said to have been involved in numerous data breaches. The stolen information is often sold on the dark web.

<span class="mw-page-title-main">2021 Epik data breach</span> 2021 cybersecurity incident in America

The Epik data breach occurred in September and October 2021, targeting the American domain registrar and web hosting company Epik. The breach exposed a wide range of information including personal information of customers, domain history and purchase records, credit card information, internal company emails, and records from the company's WHOIS privacy service. More than 15 million unique email addresses were exposed, belonging to customers and to non-customers whose information had been scraped. The attackers responsible for the breach identified themselves as members of the hacktivist collective Anonymous. The attackers released an initial 180 gigabyte dataset on September 13, 2021, though the data appeared to have been exfiltrated in late February of the same year. A second release, this time containing bootable disk images, was made on September 29. A third release on October 4 reportedly contained more bootable disk images and documents belonging to the Texas Republican Party, a customer of Epik's.

References

  1. "Yahoo hack steals 400,000 passwords. Is yours on the list?". Christian Science Monitor. Retrieved July 29, 2012.
  2. "Yahoo! Voice fails security 101 as 443,000 passwords are exposed". CNNMoney.com. July 12, 2012. Retrieved July 29, 2012.
  3. The Yahoo! Hack: How to find if you're affected? Publisher: Tapscape.com
  4. 1 2 "Yahoo! fails security 101 as 443,000 passwords are leaked". CNN Money. July 12, 2012. Retrieved July 29, 2012.
  5. "Yahoo Password hack 2012:Breach details". LatinsPost. Retrieved July 29, 2012.
  6. Smith, Catharine (July 12, 2012). "Yahoo! Voice hack puts Gmail, AOL, Lycos into trouble". Huffingtonpost.com. Retrieved July 29, 2012.
  7. "Yahoo hacks leaks 4.5 lakhs of passwords". Business Today . Retrieved July 29, 2012.
  8. "Yahoo! Voice hacked: 4.5 lakh passwords in the net". IBNLive.com. Archived from the original on July 15, 2012. Retrieved July 29, 2012.
  9. "Yahoo Voices is latest to be hacked with 450,000 accounts stolen". Webpronews.com. Retrieved July 29, 2012.
  10. "Yahoo! fails to notify 453k+ of affected victims". Niuzer.com. Archived from the original on 4 March 2016. Retrieved 29 July 2012.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.