Hackers appear to have breached a Yahoo Voice server and posted around 453,000 user accounts and passwords online. D33Ds Company, a hacking group, made a file available on Wednesday with the credentials visible in plaintext. TrustedSec reports that the passwords appear to have been obtained using a SQL injection attack to extract the information from Yahoo's database servers.
Ars Technica analyzed the leaked file and managed to obtain a statement from the hackers, explaining their motive. "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat," reads a note attached to the file. The group also explain that other holes have led to disclosures in the past and that Yahoo should "not take them lightly."
Yahoo's apparent security blunder comes just over a month after LinkedIn confirmed that member passwords had been compromised. Over 6 million hashed passwords were leaked from LinkedIn's servers and the company urged members to change credentials as a result. If you're a Yahoo user, even if you don't use the Voice service, then now is a good time to change your password.