Yahoo has fixed a security vulnerability that allowed hackers to obtain and expose online about 450,000 user names and passwords, according to a company blogpost Friday.
The company had acknowledged the breach, which affected users of a service called the Yahoo Contributor Network, earlier in the week.
The hacked credentials were part of a “standalone file” containing Contributor Network credentials from before May 2010, when Yahoo purchased the company, according to Yahoo. The Network pays contributors modest sums to generate search engine-optimized content. Credentials in the file were “not used to grant access to Yahoo systems and services.”
Yahoo also said it has deployed additional security measures for affected users and strengthened its underlying security controls. It is also in the process of notifying affected users, and said it plans to continue to take “significant measures” to protect users and their data. Yahoo recommends that Contributor Network account holders change their sign-on information if they have not done so since before May 2010.
A hacking group called D33Ds Company has taken responsibility for the hack.