Yahoo! Voices (née Associated Content) has been hacked by a group calling itself D33Ds Company. The perps claim to have lifted almost half a million login credentials using a SQL-injection attack. In IT Blogwatch, bloggers change their Yahoo! (NASDAQ:YHOO) passwords, just in case.
By Richi Jennings: Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: The Queen's royal sausages...
Dave Kennedy broke the story:
So let's turn to Dan Goodin, at his new home:
The [passwords] posted on a public website by a hacking collective [who] said it penetrated the Yahoo subdomain using...a union-based SQL injection.
To support their claim, the hackers posted what they said were the plaintext credentials for 453,492...accounts.
And Andy Greenberg raids the wayback machine:
Do you Yahoo? Then you may want to change your account’s password.
D33Ds Company claimed...that the hack was intended to warn Yahoo! about similar vulnerabilities in its sites...“We hope that the parties responsible...will take this as a wake-up call. ... There have been many [Yahoo!] security holes...that have caused far greater damage than [this]. ... The subdomain and vulnerable parameters have not been posted to avoid further damage.”
In case you missed it, John "John" Koetsier repeats the advice advice:
...the affected service is... Yahoo Voices, the user-generated content service. ... Which means that if you’ve ever contributed content to Yahoo Voices or Associated Content...change your passwords.
[This is probably] case of hackers finding an old user account backup...[but] many people do not use unique usernames or passwords for different sites...[so] change your passwords!
Meanwhile, the Open Security Foundation notes this fascinating fact:
The Queen's royal sausages
[don't watch while eating!]