Yahoo recently experience a hack in their software which exposed more than 450,000 e-mails and passwords thus leaving the said data as vulnerable. Most of these login details were stored in plain text.

The group of hackers who were responsible for the attack were identified as "the D33Ds Company". The group claims that they were succesful in hacking into the database through utilizing an SQL injection vulnerability that they found on a Yahoo subdomain. The intention for the hacking was said to be a "wake-up call" for Yahoo in order to strengthen its security.

Here is the comment posted by the hackers:

"We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."

Yahoo has already confirmed that they are already aware of the matter and remarked that they are already looking into the matter at hand. Caroline MacLeod-Smith, the head of consumer PR in Yahoo released a statement regarding this matter. Here is the official statement released by Yahoo:

"We confirm that an older file from Yahoo Contributor Network (previously Associated Content) containing approximately 450,000 Yahoo and other company users names and passwords was compromised yesterday, July 11. Yahoo's head of consumer PR in the UK said via email. Of these, less than 5% of the Yahoo accounts had valid passwords. We are taking immediate action by fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo users and notifying the companies whose users accounts may have been compromised. We apologize to all affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com."

According to reports, sensitive information such as MySQL server variables, names of database tables and columns, as well as a list of 453,492 email addresses and passwords in plain text were all hacked. These compromised information came from Yahoo Voices. Yahoo Voices was once known as a self-publishing service called Associate Content.

Ander Nilsson, chief technology officer at Eurosecure did an analaysis of the data and found out that that other email addresses (gmail.com, hotmail.com, and aol.com) were also exposed. The analysis also showed that the most common password utilized was "123456" which was used by 1,666 users. The second most common password as "password" which was used 780 times. "Password" was also the base word used for 1373 passwords.

Yahoo users that were affected by this hacking should need to change their passwords as soon as possible.