The DNetWorks

Menu
Skip to content
  • Home
  • About
  • Advertise
  • Buy Adspace
  • Hide Ads for Premium Members
  • Privacy Policy
  • Terms of Use
  • Tip Us
  • Write for Us

Yahoo Voices, Android Forums, NVIDIA Forums hacked, 2 Million Accounts compromised all within a Week

Posted on July 15, 2012 by Dhawal D

Yes, it’s a huge deal, First Yahoo Voices then Android Forums and now NVIDIA forums and Dev Zone hacked and the data is posted online.

Yahoo Voices Hacked, 450,000 users data exposed

Last Thursday, Mashable reported that Yahoo voices user database was compromised. A list titled “Owned and Exposed” which is “brought to you by the D33Ds Company” was posted online revealing a number of details for the service including all of the email addresses and passwords for Yahoo Voices’ 450,000 users.

At the end of the document the group remarks that it posted the information to be a “Wake-up call” instead of a threat.

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the document says. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure.”

“Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

The group also included this quote from Jean Vanier in its closing remarks: “Growth begins when we begin to accept our own weakness.”

The group also included a quote from Jean Vanier in its closing remarks: “Growth begins when we begin to accept our own weakness.”

Yahoo Voices is the new name Yahoo gave to Associated Content, a site it bought in 2010 for $100 million.

And then Phandroid’s Android Forum got Hacked, 1,000,000 credentials stolen

The breached database data included information like unique log in IDs, usernames, emails, hashed passwords and registration IP addresses, says the post. Hash is a cryptographic representation of a key (password).

It randomly assigns some slots to your passwords using an algorithm and retrieves them using the same algorithm.

If you are one of the users, it is advised to change your password: go to your UserCP or use the Forgot your password? function. Furthermore, if you use the same e-mail address and password combination elsewhere, you should change it there as well as a security measure. As the data may be run across various other forums to see if they can login using your credentials, which in-turn can cause further misuse.

In a post titled Important Notice – Security Breach, Android Forums administrator “Phases” posted the following facts about the breach:

  • The exploit used has been identified and resolved. The server has been further hardened and extra “just in case” actions have been taken.. and will continue to be taken.
  • All code that resides in the database and the file system has been thoroughly reviewed for malicious edits and uploads.
  • No other sites in our network appear to have been accessed (we’re triple checking).
  • The user table of AndroidForum’s database was (at a minimum) accessed. While we can’t prove or disprove whether or not the data was downloaded (due to the way the data was transferred), it’s completely possible.. and we’ve taken action assuming this is the case.
  • Information in the user database includes: Unique ids, usernames, emails, hashed (encoded) passwords, registration IP addresses, usergroup memberships, infraction levels, last time online, last post date, post count… as well as far less critical things like number of PMs, visitor messages, last online dates, and some vbulletin options set in your UserCP.
  • Immediately following the incident, all ~100 staff were notified of a pending password change – and all passwords to were changed to random strings. Almost all are back in with new passwords. Because gaining access to a staff member account could pose the biggest threat, we first moved to secure these accounts.

It is started that the attack is an Email Harvesting Attempt, which simply means, that the emails stolen from the forums database will be later used to Spam you, some say, it was attacked just for fun, either ways, the security is breached.

NVIDIA Forums and Dev Zone breached 400,000 user data Stolen

If the week wasn’t bad, NVIDIA jumped in and announced that, they have become the latest victim of hackers looking to steal user credentials. After having taken down a couple of their sub-sites earlier this week due to investigate unusual activity, NVIDIA has discovered that both their Developer Zone and their forums were compromised, it is known that about 400K account credential have been stolen including

  • usernames
  • email addresses
  • hashed passwords with random salt value
  • public-facing “About Me” profile information

The good part is that like most forums NVIDIA only stored hashed & salted passwords, so the passwords themselves haven’t been directly compromised. The bad part is; a powerful computing capabilities can get the passwords out of the hashes without much of an effort.

The DNetWorks Team

This entry was posted in Android, Daily Latest Happenings, Featured, Hacking, Technology, Yahoo! and tagged 2 million user account compromised hacked, Android Forums hacked, NVIDIA Forums hacked, Yahoo Voices hacked. Bookmark the permalink.

Post navigation

← Turn your twitter feed into a radio station with The Social Radio
Nokia developers tool points to 6 new phone release soon →

Search what you’re looking for

    July 2012
    M T W T F S S
     1
    2345678
    9101112131415
    16171819202122
    23242526272829
    3031  
    « Jun   Aug »
Proudly powered by WordPress | Theme nuwhite by Mkhuda