The D33ds Company, a self-described hacker group, broke into a Yahoo subdomain today (July 12, 2012) and swindled nearly 450,000 passwords. They posted a text file of the login credentials on d33ds.co and the file continues to be shared through torrents.
Yahoo confirmed the attack around 1 p.m. EST and indicated they were taking immediate action to repair the vulnerability. Although only 5% of the compromised accounts had valid passwords, Yahoo changed the passwords of the affected accounts and sent emails notifying the users. There was an early miscommunication of whether the hackers breached Yahoo Voice passwords, Yahoo's VoIP application, or Yahoo Voices, which is a user-generated informational network, but it appears Yahoo Voice users are safe.
The hackers left the following note in the text file containing the leaked credentials, “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat.” TrustedSec, an IT security firm, mentions that the passwords were stored completely unencrypted.
PCWorld recommends all Internet users use this as a reminder about the importance of secure passwords. They recommend strengthening your passwords all around and not duplicating passwords across accounts in the event some are breached.