The login details of more than 450,000 Yahoo customers have been leaked online after its Yahoo Voices network was hit by an SQL injection attack.
According to Ars Technica, the information was posted on a public website by a hacking group known as the D33Ds Company and the act was done as a wake-up call to Yahoo.
The group managed to penetrate the Yahoo subdomain by utilising a union-based SQL injection to trick the server in to dumping huge amounts of information. Which it did. In plaintext.
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” read a short statement from the hackers.
“There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”
If you wish, you can check if your details have been compromised at the D33Ds website.