updated 01:56 am EDT, Thu July 12, 2012
No official statement by Yahoo on intrusion
Over 400,000 password and email combinations from a Yahoo Voices-rebranded Associated Content server have been posted onine in an apparent breach of security, according to security analyst Trusted Sec. The passwords are connected to their user-identification email addresses, not just from Yahoo, but also from Gmail, AOL, and more. The crowd-sourced question and answer service Associated Content was purchased by Yahoo in May 2010 and fully integrated into the Yahoo suite of products in December 2011.
The (large) text file was stored on the d33ds.co web server, but was not available at the time of this writing and has likely been pulled as the root domain is still connectible. The hackers responsible for the breach left a comment on the data dump, addressing Yahoo for lax security: “We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”
Electronista has contacted Yahoo for comment and will update this story further if warranted. [via Trusted Sec]