Yahoo! Inc. said today that a security breach on its siteexposed 450,000 user names and passwords for accounts at Yahoo andother Internet services such as Microsoft Corp.'s Hotmail and AOLInc.

A file containing login credentials for Yahoo and other accountswas stolen from a Yahoo site featuring user articles, videos andslideshows on July 11, the company said in an e- mailed statementtoday.

“At Yahoo we take security very seriously and invest heavily inprotective measures to ensure the security of our users and theirdata across all our products,” the Sunnyvale, California-basedcompany said in the statement. ''We are taking immediate action byfixing the vulnerability that led to the disclosure of this data,changing the passwords of the affected Yahoo! users and notifyingthe companies whose users accounts may have been compromised. Weapologize to all affected users.''

Yahoo spokeswoman Kate Wesson said the company has 298 millionactive Yahoo e-mail users worldwide. That means the breach affectedless than one percent of users.

Reuters earlier reported that a hacker group called D33DS hadposted online details of 450,000 user accounts and passwords thatit claimed were taken from a Yahoo server.

TrustedSec, a Berea, Ohio-based security consultancy thatreviewed the list of breached e-mail addressed, reported on itsblog that the addresses included accounts from AOL and Hotmail.

Masked Site

The hackers that posted the information made efforts to maskwhich Yahoo site the stolen passwords came from, but inadvertentlyleft clues in the file that point to the Yahoo! Voices site as thesource of the breach, TrustedSec wrote.

The breached site was formerly known as Associated Content, asite for user-generated content that Yahoo bought in 2010 andre-branded last year.

Many of the victims may have been Associated Content users whosigned up for the service before Yahoo turned it into Yahoo Voices,said Kurt Baumgartner, a security researcher at Russian antivirusfirm Kaspersky Lab. That likely explains why non-Yahoo e-mailaccounts were among the breached data, as users could sign up forthe service with a variety of e-mail accounts, he said.

The Yahoo e-mail accounts of at least 10 foreign journalistsbased in China and Taiwan were hacked in March 2010, according toReporters Without Borders, a Paris-based press freedom group. Yahoosaid in an e-mailed statement in response to the breach that it“condemns all cyber attacks regardless of origin or purpose.”

Past Attacks

Google Inc. said in January 2010 that it was one of at least 20companies targeted in a “highly sophisticated” computer attackdirected at e-mail accounts of human rights activists. That month,Yahoo was targeted by a Chinese attack similar to the one thataffected Google, according to a person familiar with thematter.

Yahoo dropped 0.5 percent to $15.73 at 2:33 p.m. in New York.The shares had declined 2 percent this year through yesterday.

Bloomberg News

Copyright 2018 Bloomberg. All rightsreserved. This material may not be published, broadcast, rewritten,or redistributed.