Hackers hit Yahoo; post 450,000 passwords online
By Doug Gross, CNN
(CNN) – Hackers posted online what they say is login information for more than 450,000 Yahoo users.
The hack, which of course was conducted anonymously, was meant to be a warning, according to the Web page where the documents were dumped.
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” a note on the page said. “There have been many security holes exploited in Web servers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly.”
The statement adds that the “subdomain and vulnerable parameters” that were used to hack the site were not posted “to avoid further damage.”
The Web page where the data was dumped was offline for much of Thursday morning.
The accounts that were hacked appear to be those of users of Yahoo Voice, according to the Twitter feed of Web-security firm TrustedSec.
The service allows users to make online voice and video calls to other computers or, for a fee, telephones.
Perhaps due to the similarity of the names, some reports Thursday were saying it was users of Yahoo Voices who were affected.
Voices is an online publishing tool. Formerly known as Associated Content, it was acquired by Yahoo in 2010. Starting in its days as an independent company, many have criticized it as a “content farm,” a website that cranks out low-quality content designed to game search engines like Google to get page views and sell advertising.
Yahoo did not immediately respond to messages seeking comment for this story early Thursday.
As it has after previous hacks, tech blog CNET broke down the list to find the most frequently used passwords. Many of them were embarrassingly easy to crack.
Sequential lists of numbers, like “12345,” were used 2,295 times, and “password” was used 780 times, out of the 450,000 passwords.