453,492 Yahoo log-in details were published to a security forum yesterday after hacking group D33ds allegedly “retrieved in plaintext from an unidentified service on Yahoo”.
The breach follows the recent hacking of other popular sites, including LastFM and LinkedIn, which both had over 6 million passwords leaked last month.
Many believe that the hackings are not related, however with popular social network FormSpring also coming under attack recently, chances are increasing that there is a link between the websites’ recent downfall.
D33ds have said they penetrated the Yahoo subdomain using what’s known as a union-based SQL injection. They’ve also said the hacking technique preys on ‘poorly secured web applications’.
However, this embarrassing attack for Yahoo wasn’t directed as a threat, or so D33ds have
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat“
Users of FormSpring and Yahoo are advised to change their password immediately and to not use the same passwords across different websites.