Yahoo investigating exposure of 400,000 passwords
Web giant Yahoo has confirmed it is investigating a breach of its system which may have exposed 450,000 user IDs.
US security firm Trustedsec said the attack appeared to have originated from servers connected to Yahoo Voices, a user-generated section of the site.
It said that hacking group D33DS had claimed to be behind the attack.
Hours after the attack came to light, Yahoo had not put a warning on its site.
In a statement Yahoo said: "We confirm that an older file from Yahoo Contributor Network... containing approximately 450,000 Yahoo and other company users' names and passwords was compromised yesterday.
"Of these, less than 5% of the Yahoo accounts had valid passwords. We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users and notifying the companies whose users' accounts may have been compromised."
According to US security firm Trustedsec, the compromised passwords were associated with a variety of email addresses including those from yahoo.com, gmail.com and aol.com.
It said that hackers used a well-established technique known as SQL injection to extract the sensitive information from the database.
"The most alarming part of the entire story was the fact that the passwords were stored entirely unencrypted," the security firm said in its blog.
Initial analysis by another security firm, Imperva, suggested that the compromised database might also have contained some private data, including names, addresses (including postcode), phone numbers and dates of birth.
Meanwhile, social network Formspring has disabled nearly 30 million passwords following a separate attack.
It said it was a precautionary move after 420,000 passwords showed up on a security forum.
Formspring, which launched in 2009 as a crowd-powered question-and-answer site, has asked users to reset their passwords.
In a blog post it confirmed that a breach had occurred after someone hacked into one of the San Francisco-based company's servers.
A spokeswoman said it had been alerted on Monday that some 420,000 encrypted passwords had shown up on a security forum which she refused to name because she did not want to draw attention to it.
Encrypted passwords aren't immediately useable, although they can sometimes be decoded by a clever attacker.