Dailybhaskar.com | Last Modified - Jul 17, 2012, 08:04 PM IST
New Delhi: Yahoo has announced that it has fixed a glitch in its security software that allowed hackers access to 4,50,000 email addresses and passwords.
In a statement on the company blog, a Yahoo spokesperson said the firm has deployed additional security measures for its affected users.
"Yahoo recently confirmed that an older file containing approximately 450,000 email addresses and passwords was compromised," the spokesperson wrote.
"We have taken swift action and have now fixed this vulnerability, deployed additional security measures for affected Yahoo! users, enhanced our underlying security controls and are in the process of notifying affected users. In addition, we will continue to take significant measures to protect our users and their data," he added.
According to The Telegraph, hackers belonging to a group called D33Ds Company posted the Yahoo account information on a public website in what they described as 'a wake-up call' last week.
"We hope that the parties responsible for managing the security of this sub-domain will take this as a wake-up call, and not as a threat," the hackers said in a message posted along with the leaked data.
"There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage," they added.
Technology news websites including CNET, Ars Technica, and Mashable identified the hackers behind the attack as a little-known outfit calling itself the D33D Company. The group was quoted as saying it had stolen the unencrypted passwords using an SQL injection - the name given to a commonly used attack in which hackers use rogue commands to extract data from vulnerable websites.