雅虎45万用户数据泄露

zglloo

黑客称利用union-based SQL注入漏洞获得了XXX.yahoo.com的用户数据。其中包括453492条用户数据记录，超过2700个数据库表和列名，298个MySQL参数。在曝光的数据中有一条HOSTNAME =>> dbb1.ac.bf1.yahoo.com该域名属于Yahoo Voice应用。因此很可能就是Yahoo Voice应用被成功入侵了。

可以到这里查询是否泄露自己的账户

1. #######################################
   
2. #[ - Owned and Exposed - ]       #
   
3. # Brought to you by the D33Ds Company #
   
4. #                                     #
   
5. # Target: <censored>.yahoo.com        #
   
6. # Method: Union-based SQL Injection   #
   
7. #                                     #
   
8. #######################################
   
9. -------------
   
10. Jump to:
    
11. 
    
12. 1. MySQL Variables
    
13. 2. Database/Table/Column Names
    
14. 3. email:pass dump (450k users)
    
15. 4. Final Notes
    
16. -------------
    
17. 
    
18. 1. MySQL Variables
    
19. ------------------
    
20. 
    
21. MAX_PREPARED_STMT_COUNT =>> 16382
    
22. CHARACTER_SETS_DIR =>> /home/y/share/mysql/charsets/
    
23. HAVE_CRYPT =>> YES
    
24. CONNECT_TIMEOUT =>> 10
    
25. ......
    
26. 
    
27. 2. Database/Table/Column Names
    
28. -------------------------------
    
29. 
    
30. [ * ] schema_name ==> table_name :::: column_name
    
31. 
    
32. information_schema =>> CHARACTER_SETS :::: CHARACTER_SET_NAME
    
33. information_schema =>> CHARACTER_SETS :::: DEFAULT_COLLATE_NAME
    
34. information_schema =>> CHARACTER_SETS :::: DESCRIPTION
    
35. information_schema =>> CHARACTER_SETS :::: MAXLEN
    
36. ......
    
37. 3. email:pass dump (450k users)
    
38. --------------------------------
    
39. 
    
40. count() = 453491
    
41. 
    
42. user_id   :  user_name  : clear_passwd : passwd
    
43. 
    
44. 1:ac1@associatedcontent.com:@fl!pm0de@
    
45. 4:john@associatedcontent.com:pass
    
46. 5:steveol@flash.net:steveol
    
47. 6:chotzi@aol.com:chotzi
    
48. ....
    
49. 366641:colinware7998674@gmail.com:uplgmotv

复制代码

排名前10的密码

123456 = 1666 (0.38%)
password = 780 (0.18%)
welcome = 436 (0.1%)
ninja = 333 (0.08%)
abc123 = 250 (0.06%)
123456789 = 222 (0.05%)
12345678 = 208 (0.05%)
sunshine = 205 (0.05%)
princess = 202 (0.05%)
qwerty = 172 (0.04%)

top 10 base words

password = 1373 (0.31%)
welcome = 534 (0.12%)
qwerty = 464 (0.1%)
monkey = 430 (0.1%)
jesus = 429 (0.1%)
love = 421 (0.1%)
money = 407 (0.09%)
freedom = 385 (0.09%)
ninja = 380 (0.09%)
writer = 367 (0.08%)

top 10 e-mail:

yahoo.com (31.07%)
gmail.com (24.14%)
hotmail.com (12.45%)
aol.com (5.76%)
comcast.net (1.93%)
msn.com (1.44%)
sbcglobal.net (1.17%)
live.com (0.97%)
verizon.net (0.68%)
bellsouth.net (0.64%)

wuhongyi

上面这些密码，只要有意义，都或多或少表现了现代人的价值观呢

Schumacher

早就注销了雅虎帐号，品行不好。

ledled

Good: Email ledledxxx@yahoo.co.jp not found in leak.

日本雅虎还好没事……

iwait

忘了自己的yahoo ID了