Yahoo confirmed Thursday that it had suffered a data breach in which 453,492 login credentials were posted online by the hacker collective known as D33D Company.
Yahoo released its official statement to the tech blog TechCrunch:
“We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised.”
According to CNET, the hackers used a “SQL injection technique to penetrate a Yahoo subdomain.” In other words, the hackers sent a command to a part of Yahoo’s online domain telling the database to reveal its content. According to TechCrunch, the specific subdomain was Yahoo Voice, a voice-over IP (VOIP) service that sends voice communications over the internet, similar to Skype.
