More than 450,000 Yahoo Voice usernames and unencrypted passwords were stolen from Yahoo. Hacker outfit D33ds Company claimed credit for the attack , which was carried out through a union-based SQL injection and exposed 453,492 plain text login credentials.
Formspring was also in the news this week for a reported hack in to their system, Formspring users are being encouraged to change their passwords immediately, and to check whether they used the same password on other services.
“At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products,” a Yahoo spokesperson said in a statement to an online tech blog. “We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.”