Another day, another password to reset. Hackers collectively known as "D33Ds Company" have posted unencrypted credentials for over 453,000 Yahoo Voices accounts. The group reportedly used an SQL injection to extract the information, which includes email addresses, passwords, over 2,700 database table or column names and 298 MySQL variables.
"We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly," D33Ds said in the password dump.
"We are currently investigating the claims of a compromise of Yahoo! user IDs. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com," a Yahoo representative told the BBC today, along with encouraging users to change their passwords.
Although the company told BBC it's not sure what sites are affected, TrustedSec reports with certainty that the breach at least involves Yahoo Voices (formerly Associated Content), a Web publishing division that focuses on user-generated content. Hopefully, Yahoo will offer more details about affected services in the next day or two.
In the meantime, you can check if your account details were compromised by various means. A text document with all the credentials is available via D33Ds as well as popular torrent sites. Those seeking a more kosher source can use Should I Change My Password or this index, which shows email addresses but blurs passwords.