Thousands of email addresses from a number of other services have been found in the data posted by hacker collective D33Ds Company, which were acquired through hacking Yahoo! Voices.
Yahoo! confirmed yesterday it had suffered a data breach and passwords from Yahoo! Voices – that were stored unencrypted – were compromised.
D33Ds used an SQL injection attack to extract the information from the Yahoo! database and 453,492 email addresses and passwords were posted online.
According the The New York Times Bits blog, a researcher at security company Rapid7 discovered 106,000 Gmail addresses, 55,000 Hotmail addresses and 25,000 AOL email addresses among the data. Details from MSN, Comcast, SBC Global, Verizon, BellSouth and Live.com accounts have also been compromised.
Users advised to change passwords
Though these addresses were all used as usernames for Yahoo! Voices accounts, affected users who employ the same password across a number of sites are advised to change it immediately.
Google immediately reset passwords for any Gmail accounts deemed to be at risk and Yahoo! spokesperson Dana Lengkeek has said that fewer than 5pc of the compromised passwords are still valid.
“We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying companies whose user accounts may have been compromised,” she said.
Sucuri Malware Labs has set up a website where users can check if their passwords were compromised.
Just last month, LinkedIn, eHarmony and Last.fm users were hit by a password breach affecting millions of users, raising questions of whether networks are doing enough to keep users’ information secure.
Password hacker image via Shutterstock