Following Adobe user forum breach, hacker claims he has access to Yahoo servers

rll13y ago· 1 in thread

Something doesn't look quite right about this Yahoo hack. Yahoo doesn't store MySQL passwords in PHP source code like that. Maybe he pulled these out of something else and wrote that file himself as an odd way to show he got the passwords?

Also, the apparent SQL injection is on a yahoo.net domain which Yahoo uses for untrusted third-party stuff mostly. The fact that the error seems to be from ASP is further evidence that this is very likely some third-party hosted app that doesn't actually have much to do with Yahoo and likely poses no danger to Yahoo users beyond the ones using this particular third-party service, whatever it is.

bdcravens13y ago

I'm pretty sure the code shown is the "hacker"'s code, for demo's sake. That said, the server address redacted out doesn't appear to be a Yahoo domain from what I can see. That tells me that it's a third-party that was broken into.

bdcravens13y ago

Something doesn't add up here, or at least there's pieces missing:

1) Source code show (presumably the attacker's?) shows MySQL usernames/passwords (as implied by variable names)

2) SQL injection attack screen shows errors in System.Data.SqlClient namespace - this is SQL Server: http://msdn.microsoft.com/en-us/library/system.data.sqlclien...

Might mean nothing. Article says the attacker had access to 12 databases, so maybe it's a mix of different platforms. Still, the 2 screenshots really don't corroborate one another.

general_failure13y ago

BigNuts13y ago

This is not the first time i have heard of people having full access to yahoo servers for a substantial amount of time.

nwh13y ago

It's reassuring that every company keeps (.*) very seriously.

Following Adobe user forum breach, hacker claims he has access to Yahoo servers (opens in new tab)

Following Adobe user forum breach, hacker claims he has access to Yahoo servers (opens in new tab)

6 comments

6 comments