Reports of an online security breach exposing nearly half a million email addresses and passwords may extend well beyond Yahoo users.
The New York Times is reporting that the security breach affected a number of accounts belonging to Gmail, AOL, Hotmail, Comcast, MSN, SBC Global, Verizon, BellSouth and Live.com users.
Yahoo Inc. said Thursday it was investigating a potential security breach. Yahoo's head of U.K. consumer public relations Caroline MacLeod-Smith said that she couldn't immediately provide any more detail on the breach "as we are still investigating it."
Technology websites including CNET, Ars Technica and Mashable reported that the group claiming responsibility for the attack and for exposing the usernames and passwords of more than 453,000 email accounts was D33D Company.
According to the Times, the hackers wrote a brief note about the data dump, which has since been taken offline.
“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in Web servers belonging to Yahoo Inc. that have caused far greater damage than our disclosure,” the group was quoted as saying. “Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”
The little-known group was quoted as saying they had stolen the passwords using an SQL injection -- the name given to a commonly-used attack in which hackers use rogue commands to extract data from vulnerable websites.
According to security firm Rapid7, approximately 137,500 yahoo.com accounts were breached, along with 106,800 gmail.com accounts and 55,100 hotmail.com accounts.
With files from The Associated Press
