Yahoo! has said it is currently investigating a security breach that resulted in nearly half a million Yahoo! users names and passwords being posted online. According to PC World, one hacker group named D33ds Company, is taking credit for the attack. The group said it was able to obtain the information by thanks to a SQL injection.
The published credentials apparently belong to Yahoo!'s VoIP service, Yahoo! Voices, which runs on Yahoo!'s instant messenger. However, D33ds did not reveal the service the credentials came from. The group said it wasn't disclosing that information because it wanted to avoid further damage. What's more, according to a D33d's statement posted to PC World, the attack was supposed to be a wake up call, and not a threat.
A statement from Yahoo! claims that less than 5 percent of the accounts obtained by the group had valid passwords. The company said the hackers obtained the information via an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 450,000 Yahoo! and other company users names and passwords. Yahoo! said it is taking immediate action, which will involve changing the passwords of the affected Yahoo! users, notifying companies whose user accounts may have been compromised, and, of course, fixing the vulnerability that led to the disclosure of the data in the first place.
"We apologize to all affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com," the company is quoted as saying.
It sort of goes without saying but if you used your Yahoo! Voices password for any other service, you should probably change those too.