2012 Yahoo! Voices hack


, formerly Associated Content, was hacked in July 2012. The hack is supposed to have leaked approximately half a million email addresses and passwords associated with Yahoo! Contributor Network. The suspected hacker group, D33ds, used a method of SQL Injection to penetrate Yahoo! Voice servers. Security experts said that the passwords were not encrypted and the website did not use a HTTPS Protocol, which was one of the major reasons of the data breach. The email addresses and passwords are still available to download in a plaintext file on the hacker's website. The hacker group described the hack as a "wake-up call" for Yahoo! security experts. Joseph Bonneau, a security researcher and a former product analysis manager at Yahoo, said "Yahoo can fairly be criticized in this case for not integrating the Associated Content accounts more quickly into the general Yahoo login system, for which I can tell you that password protection is much stronger."

Reaction by communities and users

D33DS, the suspected hacker group, said that the hack was a "wake-up call". They said that it was not a threat to Yahoo!, Inc. The IT Security firm TrustedSec.net said that the passwords contained a number of email addresses from Gmail, AOL, Yahoo, and more such websites.

Response from Yahoo

Immediately after the hack, Yahoo!, in a written statement, apologized for the breach. Yahoo! did not disclose how many passwords were valid after the hack, because they said that every minute, 1–3 passwords are changed on their site. Yahoo! said that only 5% of its passwords were stolen during the hack. The hackers' website, d33ds.co, was not available later on Thursday, after the hack. Yahoo! said in a written statement that it takes security very seriously and is working together to fix the vulnerability in its site. Yahoo! said that it was in the process of changing the passwords of the hacked accounts and notifying other companies of the hack.

Controversy

A simple matter had sparked a controversy over Yahoo!. The controversy was sparked because of Yahoo!'s silence about the data breach. After the servers were hacked, Yahoo! did not mail the affected victims, although it was promised earlier. There was no site-wide notifications about the hack, nor did any victim get any type of personal messages detailing how to reset their account passwords from Yahoo.