Yahoo Breaches Exposes Thousands of Users{1}


In this article, a well known tech company, Yahoo, was another victim to a SQL injection attack. This attack gave the hackers access to more than 400,000 users emails and passwords. What was most shocking was that the passwords that were stored was completely unencrypted and were now public. According to the security firm Sophos, the hacker group D33DS said “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat”. Yahoo has confirmed that this breach did happen and urged it users to change their passwords. The article then goes on about how Yahoo wasn’t the only one who fell victim to the security breach but also Formspring, LinkedIn, Eharmony and Last.fm.

I chose this article because it related to our topic of SQL this week. We are currently in the process of learning how to use SQL but it’s defending it is what makes me worry. In the other articles I’ve read in my spare time, it seems to be that SQL injection attacks are the most common but one of the more effective methods to infiltrate a company’s sensitive data and expose it.

What I liked about the article is that it encourages users to change their passwords and hopes that this attack would be a wake up call to the other companies holding personal data but it doesn’t tell us what we the users can do to protect ourselves even further besides changing our passwords frequently. I know the users wouldn’t be able to do much when it comes to a company’s server but I hope the other companies see this article and start encrypting their data and start preparing for any attacks.

Albanesius, C. (2012, July). Yahoo Voices Breach Exposes 453,000 Passwords. http://www.pcmag.com/article2/0,2817,2407015,00.asp