Friday, July 13, 2012

Yahoo website hacked, 450k+ user information exposed

A MySQL database in Yahoo Voice (formerly known as Associated Content before being purchased by Yahoo in 2010) was just hacked using SQL injection, and its MySQL variables, together with 450k+ user information in database dump, is exposed to Internet by someone claimed as D33Ds Company.

Soon, somebody has analysed the database dump using a tool called Pipal, and revealed the top 10 most commonly used passwords to be:
  • 123456
  • password
  • welcome
  • ninja
  • abc123
  • 123456789
  • 12345678
  • sunshine
  • princess
  • qwerty
The result of the findings is posted in Pastebin.

Nowadays, password is commonly used as credential to authenticate users accessing web-based and/or mobile-based services in the Internet. As a user, beside not using password that are easy go guess (by human or by computerized program), we also need to assume that the website might not be putting enough security measure in storing our information in their server. Therefore, it is advisable to use different password for different website. If one is compromised, at least the rest are not badly affected.

No comments:

Post a Comment