Yahoo closes security hole that led to password breach
Yahoo said Friday that it has fixed a security vulnerability that allowed hackers to seize roughly 450,000 unencrypted email addresses and passwords belonging to members of its content-sharing platform.
In a blog post, the web giant said the intruders accessed a "standalone file" that contained the login data used by writers who joined Associated Content prior to May 2010, the month when Yahoo acquired the company for $100 million. Now called Yahoo Contributor Network, the business unit specializes in producing freelancer-generated, search-optimized content.
According to experts, the hackers, which claimed to be part of a relatively unknown contingent known as "D33ds Company," obtained the information in clear text through a SQL injection attack, a common technique used to infiltrate vulnerable web applications.