Got a Yahoo account? It might be time to switch up your login info.
The company is investigating a possible compromise of some 400,000 accounts this week, after hacker group D33DS claimed it stole user ID passwords. The attack may have originated from servers for Yahoo Voices, a user-generated part of the company’s website, according to American security firm Trustedsec.
The BBC reports that the company failed to put out a warning about the attack even after hours had passed since the hacker group claimed responsibility. Instead a Yahoo statement said the company was investigating the claims, and encouraged users to change their passwords on a regular basis.
The addresses targeted could also include Gmail and AOL accounts associated with Yahoo, and were reportedly accessed via a familiar technique called SQL injection, which exploits a security vulnerability in a website’s software. The alleged Yahoo attack was made easier by the fact that passwords on the servers were not sufficiently encrypted. Login and change those passwords, people!