comScore
Tech Thursday, July 12th 2012 at 9:35 am

“D33DS Company” Hackers Release Info from 453,492 Yahoo! Accounts

By ( ) Comments

Have you had to change your login information in a paranoid fever after discovering that a major online service provider has been hacked in the last few weeks? Well, if you have a Yahoo! account, you might have some worrying to do. A hacker group called D33DS Company has apparently dumped 453,492 usernames and passwords obtained in plaintext from a Yahoo! service.

Ars Technica is reporting that usernames and passwords allegedly from Yahoo! were posted online by the D33DS Company group. Other sources indicate that the user information was specifically from the Yahoo! Voice service, formally known as Associated Content.

Apparently, the hackers were able to obtain the plaintext list of passwords and usernames using a MySQL injection attack. Ars explains the methodology behind the attack thusly:

The hacking technique preys on poorly secured web applications that don’t properly scrutinize text entered into search boxes and other user input fields. By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information.

At the end of the dump is a note from D33DS Company, which reads:

We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.

Unfortunately, the D33DS Company website is having some trouble staying online as of writing. However, it does appear to contain the reported list of credentials. Also, if you think that “thx1138″ is a unique password, you’re wrong.

However, a fully searchable version of the list — sans passwords — is up on Dazzlepod. If you’re concerned that your account may have been compromised, you can search for username and see if it pops up on the list.

(Ars Technica via Techmeme)

Relevant to your interests

 

Filed Under |
  • Unk

    you publish a list of breached passwords, where is the friggin list…if no one can find it, what good is it….idiots…

  • Janne

    :-) Rightly said Unk

  • Lamer

    its on thepiratebay….

  • Bharatsewani

    the stupit d33sd or what ever group you are,,,,,,,,,, if no one can check that, then what  new in it……………………… 

  • http://profile.yahoo.com/JVSX2KTOSUEMWQD4YF3BXKYEFA Gerardo

    saw myself on the list, looks like its time to change my password

  • Chance

    It’s not that you can’t find it, it could be on a place your unfamiliar with such as the deep web.

  • Boogie93

    I dont see it on TPB

  • WHEREISD33DSLIST

    Where is it on pirate bay?

  • Fuckyou

    fake fucks

  • Fuckyou

    HellraiseR John OwneS  D33Ds Co Yall some wannabes do you even know what the fuck a rare id is you noobs?

  • Fuckyou

    This is a challenge to d33ds company if your true hackers i challenge you to post some details on how to contact you ill reach out to you in ways you mother fuckers wish u could…I challenge d33ds co to a all out brawl of sorts ill eliminate the living fuck out of you wannabes..LEts do this..My lists make your bot ids look like shit ok you dont stand a fucking chance…

  • Dickhead

    well i downloaded it in a few seconds… if your used to using the internet and  are actually any risk u will know how to find it 

  • WTF

    they hack my yahoo changed my password, hacked my apple id tried to wipe my iphone(but lucky turned off find my iphone) and they are texting my aunt wtf

  • pnmbai

    panderrymbai@gmail.com hack me if you can

  • pnmbai

    Ya’ll all fools. I’m the Raleigh King. Kiss my Axxxxxxxxx