A hacker group calling itself D33DS posted online a massive amount of data it said was unencrypted in a file stolen from the Sunnyvale, California-based Internet pioneer “as a wake-up call not as a threat.”
Yahoo confirmed that a file from its Contributor Network (formerly Associated Content) containing approximately 450,000 Yahoo and other company users names and passwords was compromised on Wednesday. Security researchers who sifted through the posted data determined that it included information about accounts at other online services including Google’s web-based Gmail, AOL, and Microsoft’s Live.com.
“We apologize to all affected users,” Yahoo said in a prepared statement.
“We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users and notifying the companies whose users accounts may have been compromised.”
The company contended that less than five percent of the Yahoo account data stolen had valid passwords.