Ars Technicia reporting that hackers’ collective known as D33Ds Company had posted the login credentials for over 453,000 user accounts that said to be retrieved from an unidentified service in plaintext on Yahoo. The hackers posted the plaintext credentials for 453,492 Yahoo accounts, over 2,700 database table or column names, and 298 MySQL variables.
According to the TrustedSec blog, the hacked service might be Yahoo Voice, aka Associated Content, although the speculations are high saying that the string “dbb1.ac.bf1.yahoo.com” included in the dump. The post said, that subdomain is associated with the voice service.
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” a brief note at the end of the dump stated. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”
(Image Source: Flickr)