A total of 453,492 email addresses and associated cleartext passwords have been published online by a hacker group that calls itself the D33Ds Company. After analyzing the data dump, experts determined that the information likely comes from Yahoo! Voices.
Even though the file published by the hackers doesn’t mention the exact name of the Yahoo! subdomain from which the passwords were stolen, researchers from TrustedSec managed to identify the hostname.
The hostname, dbb1.ac.bf1.yahoo.com, seems to be associated with Yahoo! Voices, previously known as Associated Content.
According to the published document, the large number of credentials was obtained by leveraging an SQL injection vulnerability that affected the target domain.
DataLossDB has analyzed the email accounts and determined that the leak contains 54,000 Hotmail addresses, 106,000 from Gmail customers and 136,000 from Yahoo! users. The rest are hosted on various other domains. Also, of the 453,492 passwords, 342,509 are unique.
Besides the email addresses and passwords, the data dump also contains a list of MySQL variables and a list of database, table and column names.
Furthermore, the file also contains a “final note” from the hackers.
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” they explained.
“There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage,” they added.
We haven't managed to confirm the precise origin of the information, but we can say that the record sets don't seem to appear in older data leaks.
As always, since there’s highly sensitive data involved, we will not be providing a link to the file.
We expect Yahoo! to come forward with a statement regarding the incident so we’ll keep you updated as the story develops.