Information Security provider, TrustedSec, reported that hackers were able to acquire more than 400,000 unencrypted passwords believed to be from Yahoo Voices, formerly known as Paid Content.

According to the report, the hackers used an SQL Injection attack to extract the sensitive information from the database.  The acquired data was then posted in the hacker site D33D Company.  Aside from posting some 453,000 login credentials were made viewable by the public.  But the alarming part about this is that the posted data showed that the passwords were unencrypted.  The hackers claim that this is a “wake-up call”, not a threat.

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” the hackers said in a comment at the bottom of the data. “There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

Vulnerable users

Earlier this week social Q&A site Formspring was also breached, compromising 420K accounts, but it was soon resolved.  And just last month, LinkedIn, eHarmony, and Last.Fm were also breached.

We’re always reminded to use strong passwords, change passwords often, don’t tell others your password – some of us do this, some of us don’t, and unfortunately, most people don’t really give a damn.  When we sign up for a service, we think that we’re signing up to a secure network, and they should be secured.  But no matter how strong our passwords are, if the service we are using doesn’t have a secure system or they don’t encrypt users’ login details, then having a strong password is for naught.