Update: Yahoo Confirms 450k Voice Passwords Breached - julianfrowleall

450,000 Yahoo Voice Passwords Breached, Hacking Group Claims

A hacker chemical group calling itself the D33ds Companion has posted more than 450,000 login credentials online, claiming that the pilfered email addresses and passwords came from an unnamed Yahoo table service. The hackers say they were able to obtain the certificate through an SQL injection, a vernacular attack method that gave Sony and so often trouble in 2022.

The archetype D33ds website that posted the login credentials (d33ds.co) was downfield as of early Th morning; however, the school tex file out is forthcoming through torrents and sites such as Media Fire.

"We hope that the parties amenable for managing the security of this subdomain bequeath bring on this as a wake-rising call, and not as a threat," the D33ds group said in the document containing the leaked certification. The group same IT did not reveal which Yahoo service the hacked credential came from "to head off further damage."

Update 1pm ET 7/12: Yahoo confirmed it was hacked and provided the succeeding assertion:

"An elder file from Yahoo! Contributor Network (previously Associated Content) containing approximately 450,000 Yahoo! and other company users names and passwords was compromised yesterday, Of these, to a lesser degree 5% of the Yahoo! accounts had legitimate passwords. We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, dynamic the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to all affected users. We encourage users to change their passwords regularly and also familiarise themselves with our online safety tips at security.yahoo.com."

It's not clear which Yahoo service the hacked login credentials came from Beaver State if they came from Yahoo at all. Research by information security firm TrustedSec suggests the hacked service was Yahoo! Voices, a user-generated blogging platform that Yahoo obtained arsenic start out of its accomplishment of Associated Content in 2022. A quick glance at a simulate of the hacked login credentials obtained by PCWorld shows a wide variety of webmail addresses including AOL, Gmail, Hotmail, Yahoo, and others.

Security system firm Eset also took a look at the hacked data and pulled out the 10 most common passwords ill-used. Information technology should derive as no surprise that the most popular passwords were all dangerous choices including:123456, password, welcome, ninja, abc123, 123456789, 12345678, sunshine, princess, and qwerty. If you are exploitation any of those phrases to secure your online accounts, control out PCWorld's "How to Build Better Passwords Without Losing Your Mind" to learn about choosing secure passwords.

If you're a Yahoo Voices exploiter, you may want to change your parole soon, and if you use the same login credentials on more sensitive services such arsenic e-ring armou or financial accounts, you should also change those as soon as possible.

Touch base with Ian Paul (@ianpaul) along Twitter andGoogle+, and with Today@PCWorld on Twitter for the latest tech news and analytic thinking.