Yahoo has confirmed what we reported last night: Hackers broke into a Yahoo server and found a file with more than 400,000 unencrypted email addresses and passwords.The hackers, from a group called D33ds Co, posted the 18-megabyte text file online.
Here’s the statement:
At Yahoo we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users and notifying the companies whose users accounts may have been compromised. We apologise to affected users. We encourage users to change their passwords on a regular basis and also familiarise themselves with our online safety tips at security.yahoo.com.
Yahoo bought Associated Content in 2010 for $100 million and renamed it Yahoo Voices. The site, which allows amateur writers to sign up and get paid for articles, has contributed to Yahoo’s local-news efforts.