Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Yahoo Voices Hacked, Usernames and Passwords Posted Online. (yahoo.com)
52 points by automagical on July 12, 2012 | hide | past | favorite | 23 comments


At the risk of essentially slashdotting myself or making my web host very angry at me, I have stripped out the passwords so that the only component remaining is the email addresses, in case you want to check whether you were part of the breach. (I was not! hooray!)

I am hosting this at: http://drostie.org/yahoo_leak.txt . If I receive too much traffic I may simply pastebin it.


Thank you. One of my email addresses is there. Thankfully it's just an account I use for fantasy baseball. Super obnoxious, though.


I love how this is a story about Yahoo, reported on Mashable, then cross-posted to Yahoo News.


http://cheezburger.com/6419346176?utm_source=trans&utm_m...

I made this for that very reason.


I think these accounts were prior to Yahoo! Acquisition of associatedcontent. There is NO WAY for a "native" yahoo property to store plain text passwords. Of course this is a yahoo fault to buy a company with such a weak security...

If this was a leak in yahoo, the number of users with a yahoo e-mail would be much, much higher.


I presume that means also that the passwords could be different from the actual yahoo account passwords? Of course people might have kept them the same...


This story is incorrect to boot. It was Yahoo! VOICES with an (S) not Yahoo Voice.


Well, I find it pretty ridiculous that Yahoo has so many products that Voice and Voices are different products.


I've never heard of either...either.


I can understand the joy feeling for someone to hack something, but what's the point of posting people's passwords online?


Yes, it really is a douchey thing to do.


Could be blackmail gone unanswered (e.g pay us or we publish), could be hatred of Yahoo (either a competitioner, an employee, or just someone who feels wronged).

Or it could be a need to prove onself -- see what I can do, now fear my wrath.

Or it could simply be hatred of humanity, you embarrass people enough and they may lass out on you -- in this case by putting your password online, in other cases by bringing a gun to school.

Summing up, it strongly depends on who did it.


A co-worker's Yahoo account started IM'ing spam links to everybody in his friend list yesterday. This might be why.


We did an analysis of the dump:

http://blog.sucuri.net/2012/07/analysis-of-yahoo-voice-passw...

Interesting is the lack of "yahoo" as part of the passwords... I would expect a much higher % from a yahoo leak.


+1 for ninja being 4th most used password


It's a bit sad that the first bit of correspondence from Yahoo was actually just a syndicated news article from another source.

It makes you stop and think about whether they take security and their customers seriously.


Anyone know exactly what it means to be a yahoo voice user? I use yahoo chat, and I think I've used voice chat in the past, but I don't see my username in the dump drostie posted.


Is there a simple and free service that sends me an email once my address shows up in one of the various dumps that leak to the net these days?


A quick tool for end users to check if their emails were compromised:

http://labs.sucuri.net/?yahooleak


Something something nail in the coffin.


WTF - Yahoo news posting about Yahoo's username password hacked...this is seriously ridiculous.


No, ridiculous would be them trying to cover it up.

This is perfectly normal.


I guess its surprising that it does not cite a official press release from the company, (which is what you would normally expect), but to another news site. Also if one of your products faces such a crisis situation, would you want your users to read the company's reaction in such dispassionate, unapologetic language?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: