Yahoo! Inc. (NASDAQ:YHOO) is investigating the security breach on its site, after reports that more than 400,000 e-mail addresses and passwords were compromised.
Caroline Macleod-Smith, head of U.K. Consumer PR of Yahoo confirmed that the company is checking claims that its user accounts were hacked and posted online. According to Macleod-Smith, she cannot provide additional details or confirm the magnitude of the security breach because the investigation is still ongoing.
Yesterday’s report from various technology websites named D33D Company as the hacker. The group claimed responsibility for the attack using SQL injection. The hacker group says that the security breach is not a threat but a wake-up call for those responsible of managing security for subdomains. The group says, “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in web servers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.” D33D Company is based in Ukraine and the contact details available on its website are invalid.
TrustedSec, an information security firm, says that the accounts compromised were those associated with the Yahoo! Voices, a user generated blogging platform. The security firm also states that e-mail accounts from gmail.com, aol.com and others were hacked. TrustedSec advises Yahoo users to change their passwords immediately and to avoid using passwords that were used for other website logins or emails.
Last month, Facebook Inc (NASDAQ:FB) dismissed the claims of the infamous hacking group Anonymous, claiming responsibility for the downtime experienced by many users. The social media giant says that the incident was not caused by a DDoS attack. The company also apologized to its users.
Bloomberg cites a report from a Paris-based freedom group Reporters Without Borders, who say that the Yahoo e-mail account of at least ten foreign journalists based in China and Taiwan were compromised in March 2010.
During the same year in January, Google Inc (NASDAQ:GOOG) was targeted in a “highly sophisticated” security attacks against 20 companies. The attackers used the e-mail accounts of Chinese human rights activists, which were directed to the websites of the companies. Many believe that the Chinese Government had a hand in the attack on Google.
As of noon today, Yahoo shares fell by 0.79 percent at $15.68 per share.