Yahoo confirms email hacking in statement

Nearly 400,000 Yahoo email accounts were compromised as a result of a hack by a group dubbing themselves as the D33D Company, Yahoo confirmed. The credentials were stored in plain text and were allegedly taken from a Yahoo subdomain, Yahoo Voices, according to CNET. The group claims to have breached Yahoo’s security by using a “union-based SQL injection technique.”

In a statement released to Tech Crunch, Yahoo said, “We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.” Gmail, Hotmail, MSN, AOL, and Comcast emails may have also been compromised, according to Tech Crunch.