Yahoo investigating password breach of 450,000 users

Yahoo confirmed on July 12, 2012, that it was investigating a security breach that may have exposed the passwords of over 400,000 user IDs.

Yahoo confirmed on Thursday that it was investigating a breach of its system which may have exposed the usernames and passwords of up to 450,000 users, according to the BBC.

The attack probably originated from servers connected to Yahoo Voices, according to US security firm Trustedsec. The hacking group D33DS claimed credit for the attack, according to the BBC.

The Associated Press cited tech news sites CNET, Ars Technica and Mashable with the information that over 453,000 login credentials from a Yahoo subdomain were posted on the D33D Company's website.

The group said they used an SQL injection, "a commonly-used attack in which hackers use rogue commands to extract data from vulnerable websites," to steal the information, according to the AP.

More on GlobalPost: British National Archives release government's UFO files

The group reportedly said, "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call."

In a statement, Yahoo said, "We confirm that an older file from Yahoo Contributor Network... containing approximately 450,000 Yahoo and other company users' names and passwords was compromised yesterday," according to the BBC. It added that only 5 percent of the accounts had valid passwords, and that it was taking immediate action to fix the vulnerability.

The New York Times noted that the usernames and passwords appeared to be for not only Yahoo, but also Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, BellSouth and users.

More on GlobalPost: Wells Fargo to pay $175M in mortgage discrimination settlement