Yahoo Voices hacked with 400,000 passwords set loose

Why weren't they encrypted?

TODO alt text

Yahoo has confirmed that over 400,000 unencrypted Yahoo Voices passwords are at risk after a security breach.

A hacker group calling itself D33ds posted the passwords and a host of associated email addresses online after the hack.

Although Yahoo hasn't been forthcoming with much in the way of detail, the hackers themselves claim to have used a Union-based SQL injection to steal the data, posting it online as a 'wake-up call'.

Wake up and encrypt your passwords

"First and foremost, if you use Yahoo Voices, change your password now," says Anna Brading, security consultant at Sophos.

"Unfortunately, the list of compromised websites just seems to keep growing, in little over a month we've seen breaches from Formspring, Last.fm, LinkedIn and eHarmony, proving just how important it is to make sure your passwords are unique and hard to guess for every website you use."

Chris Petersen, CTO and co-founder of security specialist LogRhythm added, "Web applications continue to be seen as a soft target by cyber criminals looking to sell passwords on the black market. Passwords are of value when associated with an email account which is purported to be the case in the Yahoo breach.

"Because users often use the same password across different accounts, cyber criminals might be able to access other sites, company networks, and banking accounts if they can successfully map the compromised email address to the individual that owns it."