Yahoo hackers leak half a million passwords

Hackers belonging to a group called D33Ds Company posted the account information on a public website in what they described as "a wake-up call".

The attackers did not specify which Yahoo site the user data had been obtained from but the TrustedSec blog suggested that the targeted site was Yahoo Voice, a voice-over-IP service bought by Yahoo in 2010. The service was called Associated Content but Yahoo rebranded it as Yahoo Voices.

The risk extends beyond that site, however, as those whose email addresses and passwords may have used the same login details on other websites.

David Emm, senior security researcher at Kaspersky, said: "Unfortunately, many people use the same password for multiple online accounts. This brings with it the risk that a compromise of one account puts all their accounts at risk. We would urge everyone to use a unique, complex password for all online accounts, i.e. one that is at least eight characters and mixes letters, numbers and symbols."

In a message posted along with the leaked data, the hackers said: "We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat."

The note added: "There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."

A Yahoo spokesman told the Associated Press that the company was still investigating the reported breach and could not provide any more details.

The leak is the latest of a stream of attacks on high profile websites. Last month more than six million passwords for the professional social networking service LinkedIn were published online. Days later music website Last.fm warned users of a potential password theft.