Yahoo has confirmed that about 400,000 user accounts and passwords from one of its services were posted online on Wednesday. In a statement given to TechCrunch, the company said that an "older file from Yahoo Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo and other company users names and passwords was stolen" and posted online. It also says that less than 5 percent of the Yahoo account passwords released were still valid, and that it is "fixing" the vulnerability.
Unfortunately, the hack doesn't just affect people with Yahoo accounts. The Contributor Network allowed users to sign in with Gmail, Hotmail, AOL, or other email addresses through Facebook, and it's estimated that fewer than half the total compromised accounts were Yahoo ones. Yahoo says it's changing the passwords of people on its own network, and it's "notifying the companies whose users accounts may have been compromised." If you were signed up to the Contributor Network under any address, though, now would be a good time to change your password.