Yahoo confirms 400,000 accounts hacked, less than 5% valid

Summary:Yahoo has confirmed that it has seen some 400,000 of its accounts compromised. The company has downplayed the issue, however, saying that the majority of the credentials are invalid.

Update on July 13 - Yahoo fixes flaw behind 450,000 account hack

Yahoo confirms 400,000 accounts hacked, less than 5% valid

Yesterday the hacker group D33ds Company claimed responsibility for attacking a Yahoo service via a union-based SQL injection and exposing 453,492 plain text login credentials . Last we heard, Yahoo was investigating the claims of accounts being compromised. To be on the safe side, the Web giant urged its users to change their passwords on a regular basis. Now, Yahoo has confirmed the breach.

See also - The top 10 passwords from the Yahoo hack: Is yours one of them?

"At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products," a Yahoo spokesperson said in a statement obtained by TechCrunch. "We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com."

The most important part of this confirmation is that the swiped file is "old" and Yahoo believes less than 5 percent of the credentials are valid. This means less than 22,500 users are affected by this breach, according to Yahoo anyway.

Hopefully some of them have already changed their passwords. In fact, if you have a Yahoo account, you should change your password, just to be on the safe side. Furthermore, if you use the same e-mail address and password combination elsewhere, you should change it there as well.

It's also worth noting that Yahoo Voices, the purported service that the accounts were used for, is not explicitly mentioned. It's all one and the same: Yahoo Voices is the name that consumers see, Yahoo Contributor Network is what the company refers to it internally, and Associated Content is what the service was called when Yahoo acquired it in 2010.

Update on July 13 - Yahoo fixes flaw behind 450,000 account hack

See also:

Topics: Security

About

Emil is a freelance journalist writing for CNET and ZDNet. Over the years, he has covered the tech industry for multiple publications, including Ars Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.