Yahoo! is digging into how hackers looted nearly a half million passwords and email addresses from one of its servers.
A hacker group calling itself D33DS posted online a massive trove of data it said was unencrypted in a file pilfered from the Sunnyvale, California-based internet pioneer "as a wake-up call not as a threat".
Yahoo! confirmed that a file from its Contributor Network (formerly Associated Content) containing about 450,000 Yahoo! and other company users names and passwords was compromised on Wednesday.
Security researchers who sifted through the posted data determined that it included information about accounts at other online services, including Google's web-based Gmail, AOL and Microsoft's Live.com.
"We apologise to all affected users," Yahoo! said in a prepared statement.
"We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised."
Less than five per cent of the Yahoo! account data stolen had valid passwords, the company contended.
Affected accounts were reportedly at an internet telephone service called Yahoo! Voices, which is related to the company's instant messaging feature.
"The most alarming part to the entire story was the fact that the passwords were stored completely unencrypted and the full 400,000-plus usernames and passwords are now public," internet security firm TrustedSec said in a blog post.
The hack came a month after a disturbing rash of security breaches in which members' passwords were stolen from career-oriented social network LinkedIn as well as US dating website eHarmony and British-based music site Lastfm.com.
Security experts said in June that some 6.5 million LinkedIn accounts were posted to a Russian hacker forum.
Users of online accounts are urged by security experts and technology firms to select tough passwords and change them frequently to thwart hackers.
News home