LOS ANGELES (LA Times) — Yahoo said a hacker group broke into a database for one of its services and downloaded the account information of more than 400,000 users.
The Internet company said information for users of other email services including AOL, Gmail and Hotmail were among those that were breached.
Yahoo said it was
working to fix the vulnerability and was changing the passwords of the affected users. The company also said it was notifying other companies whose users’ information may have been compromised.
The hack happened Wednesday, according to Yahoo, and involved a file that contained old user information for the Yahoo Contributor Network service. The Yahoo Contributor Network is a publication tool that lets users contribute content to Yahoo and potentially earn money doing so. Only about 5 percent of the accounts still had valid passwords, Yahoo said.
“We apologize to affected users,” the company said in an email statement. “We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.”
A hacker group called D33D claimed it was responsible for the attack and said it hoped Yahoo and the others involved would see this as a wake-up call rather than a threat.
The top five passwords in the stolen batch were “123456,” “password,” “welcome,” “ninja” and “abc123,” said David Harley, senior research fellow at security firm ESET.