Yahoo Investigates Hacking Exposing 450,000 Passwords

Hacker group D33DS claimed they wanted to expose the security hole, not do irreparable harm

Yahoo said it is investigating a breach that exposed nearly 450,000 user IDs Thursday morning, possibly compromising a database of addresses, names, passwords, phone numbers and birthdays.

"We confirm that an older file from Yahoo Contributor Network … containing approximately 450,000 Yahoo and other company users' names and passwords was compromised yesterday," Yahoo said in a statement to the BBC.

Security firm Trustedsec said the attack seemed to originate from servers connected to Yahoo Voices, a site for user generated content.

It also said less than 5 percent of the Yahoo accounts — emails posted included many addresses at aol.com, gmail.com, hotmail.com — and that the company was taking immediate action to fix the vulnerability.

A hacker collectives dubbed D33DS claimed responsibility, saying they posted the hacked information as "a wake-up call, and not as a threat."

"There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure," the group wrote in a statement. "The subdomain and vulnerable parameters have not been posted to avoid further damage."

Though the spiking traffic to the hacker group's website caused its servers to buckle, Dazzlepod posted a searchable list of all the exposed email accounts — sans passwords.

Trustedsec said in a blog post that the user information was stored on Yahoo's servers without any special coding to mask their real characters.

"The most alarming part to the entire story was the fact that the passwords were stored completely unencrypted and the full 400,000+ usernames and passwords are now public," they wrote. 

An initial analysis by another security firm, Imperva, said the hack may have exposed private data that included names, addresses, zip codes, phone numbers and dates of birth.

The security breach comes amid tense times at the ailing web giant, which has struggled to keep up with peers like Facebook, AOL and Google.

Yahoo is expected to confirm a new CEO which analysts told TheWrap will likely be current interim CEO Ross Levinsohn, who took over last month after CEO Scott Thompson stepped down amid pressure over factual problems on his resume.

However, the AP reported Thursday morning that an hour-long annual shareholders meeting in Santa Clara, California led to tense exchanges between the executive and investors who want to see the company rebound from financial and managerial turmoil.