Page 1 of 2 12 LastLast
Results 1 to 16 of 26

Thread: News - Hackers expose 450,000 Yahoo accounts

  1. #1
    HEXUS.admin
    Join Date
    Apr 2005
    Posts
    31,709
    Thanks
    0
    Thanked
    2,073 times in 719 posts

    News - Hackers expose 450,000 Yahoo accounts

    Gmail, AOL, Hotmail and MSN accounts and others also compromised.
    Read more.

  2. #2
    DILLIGAF GoNz0's Avatar
    Join Date
    Jun 2006
    Location
    Derby
    Posts
    10,872
    Thanks
    632
    Thanked
    1,192 times in 945 posts
    • GoNz0's system
      • Motherboard:
      • Asus Rampage V Extreme
      • CPU:
      • i7 something X99 based
      • Memory:
      • 16gb GSkill
      • Storage:
      • 4 SSD's + WD Red
      • Graphics card(s):
      • GTX980 Strix WC
      • PSU:
      • Enermax Galaxy 1250 (9 years and counting)
      • Case:
      • Corsair 900D
      • Operating System:
      • win10 64bit
      • Monitor(s):
      • Dell 24"
      • Internet:
      • 220mb Cable

    Re: News - Hackers expose 450,000 Yahoo accounts

    oh joy...

    Capitalization is the difference between helping your Uncle Jack
    off a horse and helping your uncle jack off a horse.

  3. #3
    Senior Member
    Join Date
    May 2010
    Location
    Southampton
    Posts
    511
    Thanks
    24
    Thanked
    27 times in 22 posts
    • cameronlite's system
      • Motherboard:
      • ASUS P5K Premium
      • CPU:
      • Intel Q6600
      • Memory:
      • 4GB Corsair 1333mhz
      • Storage:
      • 128GB Corsair Force 3 SSD
      • Graphics card(s):
      • MSI Twin Frozr AMD 5850 1GB
      • PSU:
      • XILENCE 600W
      • Case:
      • Lian Li P50r AMD Limited Edition
      • Operating System:
      • Windows 8 Professional 64 bit
      • Monitor(s):
      • Acer 243W 24", HP LA2405 24", Dell 2405 24"
      • Internet:
      • Virgin - 30Mb

    Re: News - Hackers expose 450,000 Yahoo accounts

    Another nail in the Yahoo coffin.
    Currently studying: Electronic Engineering and Artificial Intelligence at the University of Southampton.

  4. #4
    Senior Member Hicks12's Avatar
    Join Date
    Jan 2008
    Location
    Plymouth-SouthWest
    Posts
    6,586
    Thanks
    1,070
    Thanked
    340 times in 293 posts
    • Hicks12's system
      • Motherboard:
      • Asus P8Z68-V
      • CPU:
      • Intel i5 2500k@4ghz, cooled by EK Supreme HF
      • Memory:
      • 8GB Kingston hyperX ddr3 PC3-12800 1600mhz
      • Storage:
      • 64GB M4/128GB M4 / WD 640GB AAKS / 1TB Samsung F3
      • Graphics card(s):
      • Palit GTX460 @ 900Mhz Core
      • PSU:
      • 675W ThermalTake ThoughPower XT
      • Case:
      • Lian Li PC-A70 with modded top for 360mm rad
      • Operating System:
      • Windows 7 Professional 64bit
      • Monitor(s):
      • Dell U2311H IPS
      • Internet:
      • 10mb/s cable from virgin media

    Re: News - Hackers expose 450,000 Yahoo accounts

    Have i missed something or has this piece of turd group actually released the details in full (i.e not with half of it blurred, did you add this? ). If they did just throw it out well they will end up with a swift punch in the face if i ever meet them, im fed up with little groups like this that think its cool or they're doing people a favour, they arent doing anything good... a wake up call yeah flipping right, if you wanted to give yahoo a wake up call you would have sent them all these details NOT thrown them on the web to hurt CONSUMERS/THE FRACKING PUBLIC.

    These people are bloody retards, oh yeah lets gain access to peoples accounts and credit details and release them to public to shove it to the big corporations, instead they make hassle for the public and have basically got spam bots and other **** things selling their credit details etc.

    never signed up with yahoo so shouldnt effected but still makes my blood boil, flipping pricks.
    Quote Originally Posted by snootyjim View Post
    Trust me, go into any local club and shout "I've got dual Nehalem Xeons" and all of the girls will practically collapse on the spot at the thought of your e-penis

  5. #5
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,478
    Thanks
    1,541
    Thanked
    1,029 times in 872 posts

    Re: News - Hackers expose 450,000 Yahoo accounts

    It's completely laughable and unacceptable that any company should hold passwords in plaintext, let alone one as huge as Yahoo. It's not exactly rocket science!

  6. #6
    DILLIGAF GoNz0's Avatar
    Join Date
    Jun 2006
    Location
    Derby
    Posts
    10,872
    Thanks
    632
    Thanked
    1,192 times in 945 posts
    • GoNz0's system
      • Motherboard:
      • Asus Rampage V Extreme
      • CPU:
      • i7 something X99 based
      • Memory:
      • 16gb GSkill
      • Storage:
      • 4 SSD's + WD Red
      • Graphics card(s):
      • GTX980 Strix WC
      • PSU:
      • Enermax Galaxy 1250 (9 years and counting)
      • Case:
      • Corsair 900D
      • Operating System:
      • win10 64bit
      • Monitor(s):
      • Dell 24"
      • Internet:
      • 220mb Cable

    Re: News - Hackers expose 450,000 Yahoo accounts

    my email wasnt on it, and yes emailassword.

    best to follow the link in the pic and check if your one of them.

    and yes the day i meet someone who admits to releasing stuff like this will get a thumb in each eye.

    Capitalization is the difference between helping your Uncle Jack
    off a horse and helping your uncle jack off a horse.

  7. #7
    Senior Member
    Join Date
    Dec 2003
    Location
    Taichung City
    Posts
    898
    Thanks
    281
    Thanked
    172 times in 121 posts
    • mtyson's system
      • Motherboard:
      • Gigabyte GA-B85M-HD3
      • CPU:
      • Intel Core i7 4790T
      • Memory:
      • 12GB
      • Storage:
      • Sandisk 128GB SSD + Kingston 500GB SSD + NAS etc
      • Graphics card(s):
      • Sapphire Radeon RX 580 Nitro+
      • PSU:
      • Corsair 430W
      • Case:
      • Zalman Z9 Plus
      • Operating System:
      • Windows 10
      • Monitor(s):
      • AOC 31.5-inch VA QHD monitor
      • Internet:
      • 100MB Virgin fibre

    Re: News - Hackers expose 450,000 Yahoo accounts

    The user : pass details were published in full in a big plain text list on their web site. No details were obfuscated by the hackers.
    Last edited by mtyson; 12-07-2012 at 11:15 PM. Reason: odd smiley appeared

  8. #8
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,478
    Thanks
    1,541
    Thanked
    1,029 times in 872 posts

    Re: News - Hackers expose 450,000 Yahoo accounts

    It's currently down due to high traffic so can't check. Doubt I'll be on it but not a problem to change some passwords anyway...

  9. #9
    Moosing about! CAT-THE-FIFTH's Avatar
    Join Date
    Aug 2006
    Location
    Not here
    Posts
    32,039
    Thanks
    3,910
    Thanked
    5,224 times in 4,015 posts
    • CAT-THE-FIFTH's system
      • Motherboard:
      • Less E-PEEN
      • CPU:
      • Massive E-PEEN
      • Memory:
      • RGB E-PEEN
      • Storage:
      • Not in any order
      • Graphics card(s):
      • EVEN BIGGER E-PEEN
      • PSU:
      • OVERSIZED
      • Case:
      • UNDERSIZED
      • Operating System:
      • DOS 6.22
      • Monitor(s):
      • NOT USUALLY ON....WHEN I POST
      • Internet:
      • FUNCTIONAL

    Re: News - Hackers expose 450,000 Yahoo accounts

    Domains affected:

    Domains
    1. Yahoo.com (137,559)
    2. Gmail.com (106,873)
    3. Hotmail.com (55,148)

    4. Aol.com (25,521)
    5. Comcast.net (8,536)
    6. Msn.com (6,395)
    7. Sbcglobal.net (5,193)
    8. Live.com (4,313)
    9. Verizon.net (3,029)
    10. Bellsouth.net (2,847)
    11. Cox.net (2,260)
    12. Yahoo.co.in (2,133)
    13. Ymail.com (2,077)
    14. Hotmail.co.uk (2,028)
    15. Earthlink.net (1,943)
    16. Yahoo.co.uk (1,828)
    17. Aim.com (1,611)
    18. Charter.net (1,436)
    19. Att.net (1,372)
    20. Mac.com (1,146)

  10. #10
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,478
    Thanks
    1,541
    Thanked
    1,029 times in 872 posts

    Re: News - Hackers expose 450,000 Yahoo accounts

    Yeah that is pretty scary, what's Yahoo doing with plaintext Gmail/Hotmail passwords? Unless I've misunderstood...

  11. #11
    Moosing about! CAT-THE-FIFTH's Avatar
    Join Date
    Aug 2006
    Location
    Not here
    Posts
    32,039
    Thanks
    3,910
    Thanked
    5,224 times in 4,015 posts
    • CAT-THE-FIFTH's system
      • Motherboard:
      • Less E-PEEN
      • CPU:
      • Massive E-PEEN
      • Memory:
      • RGB E-PEEN
      • Storage:
      • Not in any order
      • Graphics card(s):
      • EVEN BIGGER E-PEEN
      • PSU:
      • OVERSIZED
      • Case:
      • UNDERSIZED
      • Operating System:
      • DOS 6.22
      • Monitor(s):
      • NOT USUALLY ON....WHEN I POST
      • Internet:
      • FUNCTIONAL

    Re: News - Hackers expose 450,000 Yahoo accounts

    It seems to be connected with something called Yahoo Voices:

    http://mashable.com/2012/07/12/yahoo-voices-hacked/

    "But it wasn’t just Yahoo! email addresses that have been infiltrated: Gmail, MSN, Hotmail, Comcast and AOL accounts have also been hacked. (Yahoo! Voices allows you to sign in with non-Yahoo! email addresses.)"

  12. #12
    Lurking since 06
    Join Date
    May 2006
    Location
    London
    Posts
    575
    Thanks
    66
    Thanked
    41 times in 26 posts
    • Mama Sumae's system
      • Motherboard:
      • Asus P5B - deluxe
      • CPU:
      • Core2 duo 6300 O'c @ 3.1 Mhz / Arctic Cooling Freezer 7 Pro
      • Memory:
      • Corsair 2GB XMS2 6400 C4 @ 890Mhz
      • Storage:
      • WD 320 GB /sata
      • Graphics card(s):
      • Gigabyte GTX 560 Ti oc - 1GB GDDR5
      • PSU:
      • Enermax NoisetakerII 485W
      • Case:
      • AKASA ZEN Black 2x12cm fans
      • Operating System:
      • Win 7 Ulti
      • Monitor(s):
      • BenQ G2222HDL 21.5 inch
      • Internet:
      • Virginmedia 50MB (or so they told me...)

    Re: News - Hackers expose 450,000 Yahoo accounts

    I am such a cynic that my first thought was how helpful this news is for those advocating more internet policing.

  13. #13
    Zzzzzzz sleepyhead's Avatar
    Join Date
    Nov 2007
    Posts
    2,514
    Thanks
    373
    Thanked
    292 times in 162 posts

    Re: News - Hackers expose 450,000 Yahoo accounts

    Does this also include Flickr?

  14. #14
    Member
    Join Date
    Jul 2012
    Posts
    167
    Thanks
    11
    Thanked
    13 times in 8 posts

    Re: News - Hackers expose 450,000 Yahoo accounts

    This just goes to prove how aged yahoo platform really is and how lazy most of their programmers are. Or plain stupid? Not much of a difference, really. Any semi-decent web programmer (or indeed any other programmers that moved past "knowledge" gathered in those nice black & yellow booklets) will know better than to store user passwords directly in a database, and a poorly protected one at that, too. What a bunch of wallies! LOL! For those not in the know - only one-way "bcrypt" (or at the very least SHA256 or extremely well "salted" MD5) hashes of passwords should be stored since those can't be reversed back without insane amounts of processing power ("bcrypt" is considered "a slow algorithm" but still fast enough to verify user input), these hashes stored in a well protected database, hashes never exported for any purpose whatsoever and, of course, never used in any way to store user session data in cookies. Session IDs should also be completely random, long enough to make any brute force hacking near impossible, include a time-stamp on which they can be checked for validity (on top of their existence on the server, of course) and should expire within a reasonably small amount of time. I realize such approach means a minor inconvenience for users have they forgotten their passwords, but there's so many ways around it already in existence, I won't even bother explaining any. "Google" for it and remember you can do better than provide just a few possible password reminder questions than some other big companies do - enable users to also type in their own questions (DUH! Google! LOL). That's it folks, programming web for safe(r) surfing in a nutshell. Can't really trust some "yahoos" on that now, can we?

  15. #15
    Now 100% Apple free cheesemp's Avatar
    Join Date
    Apr 2007
    Location
    Near the New forest
    Posts
    2,948
    Thanks
    354
    Thanked
    255 times in 173 posts
    • cheesemp's system
      • Motherboard:
      • ASUS TUF x570-plus
      • CPU:
      • Ryzen 3600
      • Memory:
      • 16gb Corsair RGB ram
      • Storage:
      • 256Gb NVMe + 500Gb TcSunbow SDD (cheap for games only)
      • Graphics card(s):
      • RX 480 8Gb Nitro+ OC (with auto OC to above 580 speeds!)
      • PSU:
      • Cooler Master MWE 750 bronze
      • Case:
      • Gamemax f15m
      • Operating System:
      • Win 11
      • Monitor(s):
      • 32" QHD AOC Q3279VWF
      • Internet:
      • FTTC ~35Mb

    Re: News - Hackers expose 450,000 Yahoo accounts

    Quote Originally Posted by howdee View Post
    This just goes to prove how aged yahoo platform really is and how lazy most of their programmers are. Or plain stupid? Not much of a difference, really. Any semi-decent web programmer (or indeed any other programmers that moved past "knowledge" gathered in those nice black & yellow booklets) will know better than to store user passwords directly in a database, and a poorly protected one at that, too. What a bunch of wallies! LOL! For those not in the know - only one-way "bcrypt" (or at the very least SHA256 or extremely well "salted" MD5) hashes of passwords should be stored since those can't be reversed back without insane amounts of processing power ("bcrypt" is considered "a slow algorithm" but still fast enough to verify user input), these hashes stored in a well protected database, hashes never exported for any purpose whatsoever and, of course, never used in any way to store user session data in cookies. Session IDs should also be completely random, long enough to make any brute force hacking near impossible, include a time-stamp on which they can be checked for validity (on top of their existence on the server, of course) and should expire within a reasonably small amount of time. I realize such approach means a minor inconvenience for users have they forgotten their passwords, but there's so many ways around it already in existence, I won't even bother explaining any. "Google" for it and remember you can do better than provide just a few possible password reminder questions than some other big companies do - enable users to also type in their own questions (DUH! Google! LOL). That's it folks, programming web for safe(r) surfing in a nutshell. Can't really trust some "yahoos" on that now, can we?
    Unless I misunderstood - this service was something that allowed Yahoo to log into a users email account held by another company. In which case using hashes wouldn't have worked (It'll only work locally with hashes as you know how to use the hashes). I am disappointed though that they didn't at least obfuscate/encrypt the passwords.

    For local website accounts what you've said is correct though.
    Trust

    Laptop : Dell Inspiron 1545 with Ryzen 5500u, 16gb and 256 NVMe, Windows 11.

  16. #16
    Senior Member watercooled's Avatar
    Join Date
    Jan 2009
    Posts
    11,478
    Thanks
    1,541
    Thanked
    1,029 times in 872 posts

    Re: News - Hackers expose 450,000 Yahoo accounts

    To be pedantic, you don't have to use bcrypt; SHA256 (or SHA512 which is now Linux default for user passwords) is not inferior as you imply, and ALL passwords should be salted to protect against rainbow table attacks. MD5 is no longer considered suitable for cryptographic hashing. Any hash function should not be reversible, so bruteforcing (or rainbow tables without salt) is the only option; choosing a half decent password is important so bruteforcing is not plausible.

    Even if they were storing credentials for other websites, storing them completely in the clear in a database is pathetic. A company as large as Yahoo should have set up a proper authentication process between themselves and the other party.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •