Yahoo! Voices Server Gets Hacked, 400K Passwords Stolen
The Yahoo! Voices service was hacked on Thursday and more than 400,000 usernames and passwords were stolen. The re-branded Associated Content server associates user passwords with a users email address not just from Yahoo but also from Gmail, AOL and others.
Purchased by Yahoo in May 2010 the Associated Content platform was fully integrated with Yahoo in December 2011 and features crowd-sourced question and answers.
According to Trusted Sec:
“The (large) text file was stored on the d33ds.co web server, but was not available at the time of this writing and has likely been pulled as the root domain is still connectable.”
After hacking the passwords the hackers responsible left Yahoo a messaging, lecturing them about a lack of proper security protocols. The hackers wrote:
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”
The scariest part of the hack appears to be that Yahoo stored user information inside a plain text document with absolutely zero encryption.
LulzSec, Anonymous and other hacking groups have failed to come forward and claim responsibility at this time.
Do you think company’s that fail to secure user data with proper security methods should face fines for their lack of user protections?
Tags : hackers, Passwords Stolen, yahoo, Yahoo Voices, Yahoo Voices Hacked
Posted: July 12, 2012
![Virginia Pastor Geronimo Aguilar Arrested On Child Sex Charges [Video]](http://cdn.inquisitr.com/wp-content/uploads/2013/05/Virginia-Pastor-Geronimo-Aguilar-arrested-2013-video-100x100.jpg)
![Kate Upton Declines Prom Request, Nina Agdal Accepts [Video]](http://cdn.inquisitr.com/wp-content/uploads/2013/05/Kate-Upton-Nina-Agdal-100x100.jpg)
![Amanda Bynes Arrested, Hospitalized In Bong Tossing Out Window Incident [Video]](http://cdn.inquisitr.com/wp-content/uploads/2013/05/amanda-bynes-arrested-hospitalized-on-bong-mental-health-charges-after-throwing-marijuana-bong-out-window-100x100.jpg)
Jul 12, 2012
In December of last year they made 2FA (two-factor authentication) available to their users calling it “second sign-in verification”. With this any suspicious account sign-in attempt (not from your computer) you will be challenged by a second sign-in verification beyond the initial password validation. To confirm the legitimacy of the sign-in attempt, you or the hijacker will have to answer your account security question or enter a verification code that will be sent to your mobile phone. I use two factor authentications across a lot of my accounts. I feel a lot more secure when I can telesign in to my account. If you have activated this option you should be ok, but obviously you should still change your password. If you haven’t done so… you might want to do so now through the Your Account Info page.