Hackers claim to have stolen 400,000 Yahoo passwords

Search giant Yahoo may have become the latest high-profile internet site to suffer a password leak after 453,491 of its users' login details were apparently posted online.

The username and passwords are said to belong to members of the Yahoo Voices content sharing network and were posted on the website of well-known hacking group D33Ds.

We hope that the parties responsible for managing the security of this sub-domain will take this as a wake-up call.

In an accompanying post, the hacking group said the attack should prompt Yahoo into tightening its security.

"We hope that the parties responsible for managing the security of this sub-domain will take this as a wake-up call, and not as a threat," said the group.

The breach follows on from last month's spate of password hacks, which blighted networking sites like LinkedIn, eHarmony and LastFM.

In another blog post by US security firm TrustedSec, it was claimed the information may have been obtained through an SQL injection attack.

"The most alarming part to the entire story was the fact that the passwords were stored completely unencrypted and the full 400,000+ usernames and passwords are now public," said the post.

"The passwords contained a wide variety of email addresses including those from yahoo.com, gmail.com, aol.com, and much more," it added.

At the time of writing, IT Pro was awaiting a response from Yahoo.

However, according to a report on the BBC News site, Yahoo said it was investigating the breach.

Anna Brading, a contributor to Sophos' Naked Security blog, said, even though D33Ds say they have no plans to use the data, it is accessible to anyone online.

"The only silver lining on the cloud is that the website hosting the passwords is temperamental, and people are experiencing difficulties accessing the information," said Brading.

"But maybe the access problems are being caused by so many people trying to access the stolen passwords at once? "