CBS News/ July 12, 2012, 2:32 PM

Yahoo confirms email hack in statement

Yahoo

(CBS News) Yahoo confirmed that approximately 400,000 accounts were compromised as a result of a hack by a group calling themselves the D33D Company.

Yahoo reportedly hacked: Is your account safe?
Full coverage of Yahoo at Tech Talk

According to CNET, the credentials were stored in plain text and were allegedly taken from a Yahoo subdomain, Yahoo Voices. The group claims to have breached Yahoo's security by using a "union-based SQL injection technique."

Yahoo released this statement to Tech Crunch:

At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.

Yahoo may not be the only email service affected. According to Tech Crunch, Gmail, Hotmail, MSN, AOL and Comcast emails may also be compromised.

Chenda Ngak On Twitter » On Google+ »
Chenda Ngak covers technology & lifestyle for CBSNews.com.

Popular in SciTech

3 Comments Add a Comment

: linkicon reporticon emailicon
Zilchex says:: My team & I offer the best hacking services.We can hack or recover any email id,mobile phone,FACEBOOK & website servers & grant our clients access..We always provide proof before payment so you know you are not being ripped off.Send me a mail "zilchex@gmx.com".We try to reply every client ASAP & execute the project in the quickest time-frame possible.

#Patience is the first weapon!#; reply

: linkicon reporticon emailicon
bobnjersey says:: [At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products]
-------------------------------------------------
storing credentials in plain text, system was open to sql injection techniques?

whatever they've invested ... it wasn't enough.; reply

: linkicon reporticon emailicon
Gasserpe says:: I use several business security devices and I use a twenty page assertion for my pass word on every thing, and I change it at random.; reply