Yahoo is investigating a hack that disclosed the usernames and passwords of at least 450,000 users. The attackers are believed to have gotten into the site through Yahoo Voices, the user-generated content site formerly known as Associated Content.
Security Firm TrustedSec found that the passwords were stored unencrypted, and have now been posted online. This means anyone affected by this breach is at immediate risk of an account breach, and so far has only offered publicly that it is "looking into" claims of a breach. The best advice for Yahoo users at this point is to find out for themselves if their account has been breached, and take immediate steps to change their passwords.
(Use Yahoo? See this list for the affected accounts. As of press time, the server was having trouble keeping up with requests.)
Hacking group D33D Company has taken responsibility for the attacks, and say they wanted to issue a wake up call not only to Yahoo to improve the security of their site, but also to web users who still are using easily cracked passwords.
An analysis of the file by security firm ESET found that at least 2,295 users had a password with a sequential list of numbers, such as "123456". 780 used "password" as their password, and another 233 used the word "password" with a few numbers behind it. These are all passwords that could easily be cracked by the most novice of hackers.
ESET says there is not much you can do after breaches like this other than to change your own password, pressure the provider to better secure your accounts, and look around to see if there may be "safer" services available similar to the one you're using.
Another important tip to follow is if your Yahoo account includes another email domain -- say gmail.com -- and your email account password there is the same as on Yahoo, to be safe change your email password as well. It's always a good idea to use a different password for your email account as opposed to the rest of your online accounts, especially if your email address is used as the username.