Hackers claim to have stolen 450,000 Yahoo logins

Hackers claim to have breached Yahoo's security, posting the alleged login details of over 450,000 users.

The attack reportedly targeted the company's Yahoo Voices platform with a union-based SQL injection technique - a form of attack that tries to trick a SQL database to run a string containing malicious code.

The hackers posted over 453,000 alleged login credentials to the D33D Company website as proof of the breach, claiming the attack was intended to be a wake up call for Yahoo.

"We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat," the group said.

"There have been many security holes exploited in webservers belonging to Yahoo that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."

Yahoo told V3 that it was investigating the hackers' post and encouraged users to change passwords regularly.

"At Yahoo we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We are currently investigating the claims of a compromise of Yahoo user IDs," said a Yahoo spokesman.

"We encourage users to change their passwords on a regular basis and also familiarise themselves with our online safety tips at security.yahoo.com."

Prior to the hackers post, question and answer site Formspring confirmed it had disabled its users passwords after around 420,000 hashed passwords claiming to belong to the site were posted to a security forum.

The breaches come after several high-profile password thefts in June with LinkedIn and Last.fm both affected.