SUNNYVALE (KCBS) – Yahoo Inc. said Thursday it’s investigating reports of a security breach that has purportedly exposed nearly half a million users’ email addresses and passwords.
The company said in a statement that that it was looking into “claims of a compromise of Yahoo! user IDs” but didn’t give any further detail as to the size of the reported breach or how it may have happened.
Technology news websites including CNET, Ars Technica, and Mashable cited hackers calling themselves the D33D Company as claiming responsibility for the attack, adding that data posted to the group’s website carried more than 453,000 login credentials from an unidentified Yahoo site.
The hackers claim they sought to expose a flaw in Yahoo security rather than profit from the data theft, a claim KCBS technology analyst Larry Magid said rang false given that sensitive log-in information was made available online.
“What they should have done is contacted Yahoo rather than post the information. So they’re obviously going out of their way to embarrass Yahoo, and I think there’s a bit of maliciousness in the way they’re doing this,” Magid said.
A Ukraine-registered website associated with D33D Company was unreachable Thursday; an email address and a phone number attributed to the site’s registrant appeared to be invalid.
CNET Editor at Large Brian Cooley reports:
You can hear Brian Cooley’s Tech Watch report Tuesdays and Thursdays at 1:50 P.M. on KCBS All News 740AM and 106.9FM.
(Copyright 2012 by CBS San Francisco and the Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten, or redistributed.)