Surprisingly, every password had been stored in plaintext or unencrypted, so that anyone could read them. And it wasn’t only email addresses that were compromised. Gmail, Hotmail, Comcast, MSN, and AOL accounts were also hacked because Yahoo! Voices lets you log in using non-Yahoo! email addresses. A group of hackers called “D33ds Company” put the data on its website. A note appearing at the bottom of the posting read, “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly.”
The D33ds Company said on its website that the group used a SQL injection attack, where carefully crafted code bits were put into a browser address bar or webpage form to make the database malfunction. These types of attacks are not uncommon and database admins often do system testing in order to prevent them.
Yahoo! Not Alone
The Yahoo! story comes close on the heels of the news that the social network Formspring was compromised, leading to the leak of the passwords for 420,000 of its users.
Incidents like these highlight the importance of security to prevent organizations from becoming the victims of information breaches. For businesses, the consequences of such breaches can be enormous. They can involve expensive lawsuits, loss of reputation and sales, and huge financial penalties. The cost or recovery from information breaches can be huge and take years.
Security companies like Venafi encryption management recommend that businesses employ sound online security in areas as simple as password protection. The easiest way for businesses to enhance their online security is selecting strong passwords that use a mixture of capital and lower case letter, symbols, and numbers. The password should be from 8-12 characters long.
Importance Of Maintaining Security
As more sensitive information is being stored, processed, and transmitted across business networks or the internet, the danger of unauthorized access is expected to grow, presenting significant security challenges. However, businesses that continually revamp their security measures should be able to prevent their critical information from being compromised.