engine - 9:42 am on Jul 12, 2012 (gmt 0)
Report: Hackers List Credentials of 400,000 From Yahoo Service [arstechnica.com]
Hackers posted what appear to be login credentials for more than 453,000 user accounts that they said they retrieved in plaintext from an unidentified service on Yahoo.
The dump, posted on a public website by a hacking collective known as D33Ds Company, said it penetrated the Yahoo subdomain using what's known as a union-based SQL injection. The hacking technique preys on poorly secured web applications that don't properly scrutinize text entered into search boxes and other user input fields. By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information.
To support their claim, the hackers posted what they said were the plaintext credentials for 453,492 Yahoo accounts, more than 2,700 database table or column names, and 298 MySQL variables, all of which they claim to have obtained in the exploit.