Recently a group of hackers released password hashes from the well-known professional networking site linkedin.com worldwide on a forum, and this time it is Yahoo!'s turn. A hacker group called D33Ds Company released a large 17MB dump from a Yahoo server. The dump includes information from the MySQL database containing the email addresses and passwords of over 450K users.
They released the dump under the name "censored", but they neglected to clear the HOSTNAME field in the MySQL information, exposing the server name: dbb1.ac.bf1.yahoo.com.
The top 10 passwords include the following:
123456 = 1666
password = 780
welcome = 437
ninja = 333
abc123 = 250
123456789 = 222
12345678 = 208
sunshine = 205
princess = 202
qwerty = 172
The others included names of weekdays, months and years, such as monday123, 123feb or password2012.
In my opinion, the cause of this exposure is the negligence of internet users about the importance of their passwords, and also the Yahoo servers, which are vulnerable to SQL injection attacks.
You can view the full list of hacked passwords and check whether your password is among them at the link below:
http://dazzlepod.com/yahoo/
If you are hacked, you are advised to change your password immediately if it is still in use elsewhere. For your privacy, do not enter your complete email in the search box. Try using the first part of your email instead, e.g. example instead of example@example.com.
Final Notes released by hacker
------------------------------------
"Growth begins when we begin to accept our own weakness." - Jean Vanier
We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security
holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and
vulnerable parameters have not been posted to avoid further damage.
For your safety, I present my 10 tips for having better, more secure passwords.
Tip 1: Have a Variety of Characters
Tip 2: Know the Most Commonly Used Passwords
Tip 3: Use a Password Manager
Tip 4: Don't Reuse Passwords
Tip 5: Use a Password Generator
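
As an added example (not part of the original post), the Python sketch below applies Tip 2 as a screening check: it flags a candidate password that appears in the top-10 list above or follows the weekday/month/year patterns the post describes. The function name `weak_reason` and the exact pattern rules are assumptions made for illustration.

```python
import re

# Top-10 passwords and their counts, as listed in the post above.
TOP10 = {"123456": 1666, "password": 780, "welcome": 437, "ninja": 333,
         "abc123": 250, "123456789": 222, "12345678": 208,
         "sunshine": 205, "princess": 202, "qwerty": 172}

# Calendar words: the post mentions weekday/month names combined with digits.
DAYS = ["monday", "tuesday", "wednesday", "thursday", "friday",
        "saturday", "sunday"]
MONTHS = ["january", "february", "march", "april", "may", "june", "july",
          "august", "september", "october", "november", "december"]
# Full names plus three-letter abbreviations such as "feb" (assumed rule).
CAL = sorted(set(DAYS + MONTHS + [w[:3] for w in DAYS + MONTHS]),
             key=len, reverse=True)
CAL_RE = re.compile(r"^\d*(?:%s)\d*$" % "|".join(CAL))

# A listed common word followed by a four-digit year, e.g. password2012.
ALPHA_TOP = [w for w in TOP10 if w.isalpha()]
WORD_YEAR_RE = re.compile(r"^(?:%s)(?:19|20)\d{2}$" % "|".join(ALPHA_TOP))


def weak_reason(password):
    """Return why the password is weak, or None if no rule matched."""
    p = password.lower()  # case changes alone do not make a password stronger
    if p in TOP10:
        return "top-10 password in the dump (%d users)" % TOP10[p]
    if CAL_RE.match(p):
        return "weekday/month name with optional digits"
    if WORD_YEAR_RE.match(p):
        return "common word plus a year"
    return None


if __name__ == "__main__":
    # Constructed sample candidates, not values taken from the dump itself.
    for candidate in ["Sunshine", "monday123", "123feb", "password2012",
                      "T7#vq!mZ2p$Lw9"]:
        print(candidate, "->", weak_reason(candidate) or "no rule matched")
```

A result of `None` only means none of these rules matched; it does not show that the password is strong.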
Thank you for reading.
If you like this post, comment below and share this article.