Yahoo Data Breach (2012)

Yahoo officials confirmed that an older file from the Yahoo Voices (formerly Associated Content) was stolen July 12 by hackers, allowing them to get their hands on more than 400,000 user credentials. Of that amount, less than 5 percent of the Yahoo accounts had valid passwords, the company told eWEEK. Besides Yahoo email addresses, the list also included email addresses for Gmail, Hotmail, AOL and other services. Users of the Yahoo Contributor Network can sign up using their Google or Facebook IDs, which accounts for the various emails listed. The breach occurred courtesy of a group of hackers known as €œD33Ds Company,€ which posted a text file with the information online and said they used union-based SQL injection to swipe the information. "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat," D33Ds said in a message accompanying the leaked data. "There have been many security holes exploited in Web servers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."