Yahoo! Confirms Hacking of 450,000 Email IDs & Passwords, Fixed the Vulnerability, Says - 3D Flip Debut on Yahoo! Mobile

Yahoo! confirmed that on July 11, a group of hacker published approximately 450, 000 email addresses and passwords associated with Yahoo! Contributor Network online.The company said that the information included account information from Yahoo! Email, Yahoo! Voices and other services.The attack reportedly targeted Yahoo services with a union-based SQL injection technique -- and the hackers […]

Yahoo! confirmed that on July 11, a group of hacker published approximately 450, 000 email addresses and passwords associated with Yahoo! Contributor Network online.

The company said that the information included account information from Yahoo! Email, Yahoo! Voices and other services.

The attack reportedly targeted Yahoo services with a union-based SQL injection technique -- and the hackers posted alleged login credentials to the D33D Company website as proof of the breach. Claiming, "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat," the group said.

Yahoo! in a blog post said, that an older file containing approximately 450,000 email addresses and passwords was compromised. "This compromised file was a standalone file that was not used to grant access to Yahoo! systems and services," Yahoo said.

"The compromised information was provided by writers who had joined Associated Content (now Yahoo! Contributor Network) prior to May 2010, when it was acquired by Yahoo!," the comapny adds.

Those who joined Associated Content prior to May 2010, "using your Yahoo! email address, log in to your Yahoo! account where you may be prompted to answer a series of authentication questions to change and validate your credentials."

"Of these, less than 5 percent of the Yahoo accounts had valid passwords," the company said. "We have taken swift action and have now fixed this vulnerability, deployed additional security measures for affected Yahoo! users, enhanced our underlying security controls and are in the process of notifying affected users."

In addition, "we will continue to take significant measures to protect our users and their data."

According to the New York Times, this hacking goes beyond Yahoo, "Security researchers at Rapid7, a security company, analyzed the dumped account information and found that it included account information not just for Yahoo users but for Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, BellSouth and Live.com users. Marcus Carey, a researcher at Rapid7, found that among the data were some 106,000 Gmail accounts, 55,000 Hotmail accounts and 25,000 AOL accounts."

"At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products," Yahoo! adds.

In other Yahoo! news, the 3D Flip rich media format makes its mobile debut in a campaign for Wyeth Gold on Yahoo! Hong Kong's mobile homepage.

"This playful and interactive campaign plugged Wyeth Gold's baby formula. It lets parents upload videos of their tiny loved ones that capture moments of baby surprise, such as the first time baby talks, walks, runs, jumps, squeaks, etc.

Because mobile doesn't support Flash and its associated languages, which are still used to craft desktop ads (e.g. JavaScript, ActionScript, etc.), the 3D Flip was built entirely in the language of HTML5, the next generation of HTML that supports more multimedia than its predecessor markup languages. HTML5 is the principal language behind both smartphone and tablet display ads," Yahoo wrote.