D33ds came upfront and claimed that they were responsible for the hack. They also posted the passwords and a number of associated email addresses online after their deed.
Yahoo! failed to give more details about the hack. But members of the D33ds said that they used Union-based SQL injection to get the data and posted it online to serve as a ‘wake-up call’.
CTO and co-founder of security specialist LogRhythm Chris Petersen said, “Web applications continue to be seen as a soft target by cyber criminilas looking to sell passwords on the black market. Passwords are of value when associated with an email account which is purported to be the case in the Yahoo! breach.”
Anna Brading security consultant at Sophos added, “First and foremost, if you use Yahoo Voices, change your password now. Unfortunately, the list of compromised websites just seems to keep growing, in little over a month we’ve seen breaches from Formspring, Last.fm, LinkedIn and eHarmony, proving just how important it is to make sure your passwords are unique and hard to guess for every website you use.”
Image Source: pricenfees.com