Hackers raid Yahoo

Hackers have posted the details of more than 450,000 Yahoo customers in what they dubbed a wakeup call for the company.

According to the Guardian, Yahoo appeared to have been storing the details of hundreds of thousands of login credentials stored in plain text.

The hackers said they used a union-based SQL injection technique to penetrate the Yahoo subdomain.

They said in a comment at the bottom of the data that the parties responsible for managing the security of this subdomain will take this “as a wake-up call, and not as a threat”.

“There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage,” they said.

The subdomain belonged to Yahoo Voices, which was formerly known as Associated Content. It might have been that it was data which was sitting around on an ancient Associated Content server which was not upgraded when Yahoo bought the company.

Password security is a “bit of a cause” at the moment following high-profile password thefts at LinkedIn, eHarmony, and Last.fm.

Yesterday, Formspring announced it had disabled the passwords of its entire user base after discovering about 420,000 hashed passwords that appeared to come from the question-and-answer site were posted to a security forum.