Yahoo have confirmed the reports that there has been a security breach on their servers and over 400,000 accounts have been compromised. Those responsible for the breach stated it was done to prove the existence of exploits in Yahoos servers and that they hope Yahoo will pay more attention to their security. The statement in full is below.
We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat. There have been many security holes exploited in Web servers belonging to Yahoo Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.
Yahoo have also released their own statement and apology to everyone(mainly those affected) and urging everyone to change their passwords.
At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11. Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to affected users. We encourage users to change their passwords on a regular basis and also familiarize themselves with our online safety tips at security.yahoo.com.
It looks like more and more sites and services are getting hacked(breached) these days, so it’s probably best to keep different passwords on some of your accounts and make sure to change them regularly.