SQL injection attacks remain one of the top ways hackers steal personal information from websites like Yahoo Careers, says security firm Imperva.
"That is despite the fact that this form of attack has been around for 10 years and can be easily avoided," said Amichai Shulman, chief technology officer at Imperva.
Hackers do not create vulnerabilities; they merely exploit vulnerabilities that are put in the coding of applications used by websites to process information, he said.
Late last week, Imperva researchers warned Yahoo that the vulnerability of its job site was under discussion in hacker forums it monitors routinely for research purposes.
"Some members of the forum were discussing the vulnerability and how it might be exploited to access information on the website's database," said Shulman.
Yahoo responded within hours to block the vulnerability, which is easily done by using more secure code for handling data in the web application, he said.
In this case, the hackers were offering only a means of accessing the database, said Shulman, without any evidence that the site's database had been compromised.
But, he said, this flaw can be used to steal thousands of personal details, which are routinely offered for sale on cybercrime forums.