Yahoo confirms breach, passwords appear not encrypted
Yahoo on Thursday confirmed that its database was hacked to steal about 400,000 usernames and passwords of members who belong to the company's Contributor Network, which formerly was known as Associated Content.
Yahoo said the theft of the file occurred on Wednesday, but fewer than five percent of the stolen accounts still contained "valid" passwords.
According to Ohio-based security firm TrustedSec, the hackers, which claimed to be part of a relatively unknown contingent known as "D33ds Company," obtained the booty in clear text through a SQL injection attack, a common technique used to infiltrate vulnerable web applications. The hackers publicly posted the file they stole, but high traffic currently is preventing it from being accessible.