Yahoo! Hacked: Was Your User ID Stolen?

Yahoo! Breach Exposes Over 450,000 User IDs

A breach at Yahoo exposed 453,492 user IDs. The hack was carried out by a group called D33DS Company. TrustedSec writes that the attack was carried out through Yahoo! voices, a user-generated-content area of the Yahoo! web property formerly known as Associated Content.

• D33ds Co: We Hacked Yahoo!
  

The hack was carried out by injecting MySQL commands into a text box (such as a search field or login area). According to D33DS Company, the usernames and password info were stored in plaintext. That's bad.

Find Out if Your Yahoo! Account Was Hacked

You need to find out if your Yahoo! account was compromised. Dazzlepod has a searchable list of the compromised Yahoo! accounts, minus the passwords. If you find your account in that list, change your password.

This is a wise precaution, though D33DS Company said that it did not plan on using the exploit for malicious purposes. However, the info is now out there in the open, and not everyone is so scrupulous.

Otherwise, there's nothing you can do until Yahoo! fixes the security hole. If the password is held in plaintext, changing it will only replace it with another plaintext password.

So far Yahoo! hasn't even put up any kind of warning (publicly or directly to Yahoo! account-holders) that anything is wrong.

Posting the info publicly was maybe not the smartest thing to do: now not only does everyone know about Yahoo!'s security weakness, but there's a whole sheaf of easily-harvestable usernames and passwords out there in the open, no hacking skills required.

(We've looked at the dump: some of you are using some dumb passwords. It's really stupid to use "password" as your password.)