SAN FRANCISCO: Yahoo! on Thursday was digging into how hackers looted nearly a half million passwords and email addresses from one of its servers.
A hacker group calling itself D33DS posted online a massive trove of data it said were unencrypted in a file pilfered from the Sunnyvale, California-based Internet pioneer "as a wake-up call not as a threat."
Yahoo! confirmed that a file from its Contributor Network (formerly Associated Content) containing approximately 450,000 Yahoo! and other company users names and passwords was compromised on Wednesday.
"We apologize to all affected users," Yahoo! said in a prepared statement.
"We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised."
Less than five percent of the Yahoo! account data stolen had valid passwords, the company contended.
Affected accounts were reportedly at an Internet telephone service called Yahoo! Voices, which is related to the company's instant messaging feature.
"The most alarming part to the entire story was the fact that the passwords were stored completely unencrypted and the full 400,000-plus usernames and passwords are now public," Internet security firm TrustedSec said in a blog post.