Attack Yahoo!: 450,000 passwords published online

More than 450,000 access credentials linked to as many user accounts of Yahoo! were recently published on the web from unknown parties. The passwords stolen would have been published, according to a statement broadcast by the charge of the operation, with the intent to show how well providers are somehow attacked and how the usernames-password pairs are obviously very protected.

To get your hands on passwords of others, who had set up what is called “a demonstration”, he launched an attack like SQL injection to web application Yahoo!. It’s called “SQL injection” attack a particular practice that aims to target web applications that rely on DBMS (eg Access, SQL Server, MySQL, Oracle, etc.) for storing and managing data. The attack is realized when the intruder can send to the web application by simply using your browser, an SQL query arbitrary.


When the received data input from the dynamic web page are not properly filtered, placed in the SQL query input from the aggressor – the URL directly invoked by clients – could be “attached” to the query executed in a legitimate application server web. According to some indications, the attacker would have targeted the service ” Yahoo! Voices “, a service that brings together under one umbrella, thousands of articles posted on the company network from users. The attack, therefore, would not have been launched against the VoIP service ” Yahoo! Voice “(without the” s “), based on technology developed by JaJah.