Yahoo hit with password theft
Well, I guess we know at least one of the topics being talked about at today’s Yahoo shareholders meeting. Hackers have claimed to have made off with some 450,000 Yahoo accounts and posted the logins and passwords online.
The dump was posted on a public website by a hacking collective known as D33Ds Company, which said it penetrated the Yahoo subdomain using what’s known as a union-based SQL injection. The hacking technique preys on poorly secured web applications that don’t properly scrutinize text entered into search boxes and other user input fields. By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information.
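As an added illustration (not from the original article and not Yahoo's code), the sketch below reproduces the flaw described above on a constructed in-memory SQLite database: a search that pastes user text into the SQL string, next to a parameterized version that binds it as a value. The table, column and function names and the sample rows are assumptions made for the example.

```python
import sqlite3


def make_db():
    """Build a throwaway database. All names and rows are constructed."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE articles (title TEXT, body TEXT);
        CREATE TABLE accounts (login TEXT, password TEXT);
        INSERT INTO articles VALUES ('Budget tips', 'Save more');
        INSERT INTO articles VALUES ('Travel deals', 'Fly cheap');
        INSERT INTO accounts VALUES ('alice@example.com', 'correct horse');
        INSERT INTO accounts VALUES ('bob@example.com', '123456');
    """)
    return db


def search_vulnerable(db, term):
    # The search text is concatenated into the statement, so the database
    # parses whatever the user typed as part of the SQL itself.
    sql = "SELECT title, body FROM articles WHERE title LIKE '%" + term + "%'"
    return db.execute(sql).fetchall()


def search_parameterized(db, term):
    # The ? placeholder sends the text separately from the statement.
    # It is only ever compared as a string and cannot add SQL clauses.
    sql = "SELECT title, body FROM articles WHERE title LIKE '%' || ? || '%'"
    return db.execute(sql, (term,)).fetchall()


# Constructed search-box input of the kind the article describes: it closes
# the quoted string and appends a UNION that reads a different table.
INJECTED = "zzz' UNION SELECT login, password FROM accounts --"

if __name__ == "__main__":
    db = make_db()
    print("normal search:       ", search_vulnerable(db, "Budget"))
    print("vulnerable + input:  ", search_vulnerable(db, INJECTED))
    print("parameterized + input:", search_parameterized(db, INJECTED))
```

With the concatenated query the search returns rows from the accounts table; with the bound parameter the same input is treated as an odd search term and matches nothing.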
The hackers claim they mean no harm (other than stealing and posting private information, I guess) and are trying to issue a wake-up call to Yahoo to improve its bad security.
CNET looked at the leaked passwords and confirmed that, yes, there are plenty of idiots out there:
• 2,295: The number of times a sequential list of numbers was used, with “123456” by far being the most popular password. There were several other instances where the numbers were reversed, or a few letters were added in a token effort to mix things up.
• 160: The number of times “111111” is used as a password, which is only marginally better than a sequential list of numbers. The similarly creative “000000” is used 71 times.
• 780: The number of times “password” was used as the password. Apparently, absolutely no thought went into security in these instances.