Approximately 400,000 usernames and passwords to Yahoo email addresses were posted online by a group of hackers known as the D33D Company in order to demonstrate the poor security of Yahoo, CNN reports. The hackers claimed to have stolen the passwords using a hacking technique called SQL injection, which exploits a software vulnerability.
In a statement, Yahoo said: "We confirm that an older file from Yahoo Contributor Network... containing approximately 450,000 Yahoo and other company users' names and passwords was compromised yesterday." Yahoo noted that less than 5% of the Yahoo accounts had valid passwords. "We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users and notifying the companies whose users' accounts may have been compromised," the company said in an emailed statement.
The hackers wrote a brief footnote to the data dump, which has since been pulled offline: “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in Web servers belonging to Yahoo Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”
Online security experts said Yahoo might have done more to protect the stored passwords, with Ohio-based TrustedSec describing the Internet giant's decision not to encrypt them as "most alarming," according to AP.
A Yahoo official recommended that Yahoo users change their passwords as soon as possible as a precautionary measure, adding: "If you use the same password make sure to change too," and advised never using the same password on several websites.