Earlier this week,. Yahoo then confirmed . Yahoo today closed the saga by fixing the flaw in question.
The Web giant provided the following statement to ZDNet sister site CNET:
Yahoo recently confirmed that an older file containing approximately 450,000 e-mail addresses and passwords was compromised. The compromised information was provided by writers who had joined Associated Content prior to May 2010, when it was acquired by Yahoo. (Associated Content is now the Yahoo Contributor Network.) This compromised file was a standalone file that was not used to grant access to Yahoo systems and services.
We have taken swift action and have now fixed this vulnerability, deployed additional security measures for affected Yahoo users, enhanced our underlying security controls, and are in the process of notifying affected users. In addition, we will continue to take significant measures to protect our users and their data.
If you joined Associated Content prior to May 2010 using your Yahoo e-mail address, please log in to your Yahoo account, where you may be prompted to answer a series of authentication questions to change and validate your credentials.
Interestingly, the last time Yahoo provided a statement,. This time, they decided to round down. In my article " " yesterday, I noted that the actual number was 442,773 passwords, compared to the originally reported number: 453,492 passwords. Either way, it's reassuring to remember that only a fraction of these were valid at the time of the breach.
In case you've been living under a rock this past week, you can check whether your account was compromised here: Sucuri. If you have a Yahoo account, you should change your password, just to be on the safe side. Furthermore, if you use the same e-mail address and password combination elsewhere, you should change it there as well.