Yahoo criticised after passwords appear online

 

Gallery

By Stewart Mitchell

Posted on 12 Jul 2012 at 10:00

Security experts have criticised Yahoo for storing passwords in plain text, after the login details were leaked online.

Yahoo Voice users are being urged to change logins on other services they use the same password for after hackers published nearly half a million account details.

Yahoo has yet to confirm the hack – although it has told PC Pro it is working on a statement on the issue – but security experts are taking the issue seriously after 453,000 account details went public.

They have hit out at the fact the passwords were stored without encryption, which meant once they were posted online anyone could access the names and passwords of effected users.

Since all the accounts are in plain-text, anyone with an account present in the leak which also has the same password on other sites should assume that someone has accessed their account

“The most alarming part to the entire story was the fact that the passwords were stored completely unencrypted and the full 400,000+ usernames and passwords are now public,” said researcher David Kennedy on the TrustedSec blog. “The method for the compromise was apparently a SQL Injection attack to extract the sensitive information from the database.”

According to a report from Ars Technica, which saw the post before it was taken down, the hack was claimed by hacker group D33Ds Company, which said it wanted to highlight weaknesses in Yahoo's security.