Yahoo! Voices Hacked – 450,000 Accounts Exposed

Hackers Expose More Than 450,000 Accounts Taken From Yahoo! Voices Service

D33ds Company, a group of hackers known for their “Owned & Exposed” posts online, released a massive database dump on Thursday morning, which they took from Yahoo. Configuration details released by the group tie the breach to Yahoo Voices. [Update: Yahoo! has now confirmed this breach, saying an old file had been accessed. Official statement from Yahoo! is included below.]

Along with posting the database schema, D33Ds Co. released 453,491 email addresses and plain-text passwords, which were allegedly stored on the server in that form.

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” D33Ds Co. said in a statement alongside the leaked data.

“There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

However, as first mentioned on the TrustedSec blog, the leaked database records contained a hostname – dbb1.ac.bf1.yahoo.com, which ties back to Associated Content, now known as Yahoo Voices. Thus, the likely target in this attack was voices.yahoo.com. At the time this story was written, the domain was online boasting some 600,000 contributors.

According to DataLossDB.org, there were roughly 55,000 Hotmail accounts exposed, 106,000 GMail accounts, and 136,000 Yahoo addresses in the file. Additional stats from security vendor ESET show 25,000 AOL accounts and 8,500 Comcast accounts, in addition to thousands of accounts for users on MSN, Live.com, Verizon, SBC, Cox, Charter, and AT&T.

Further, DataLossDB also told SecurityWeek that, based on the data, there have been 911 data-loss-related incidents so far this year, exposing 207,615,994 records, or an average of 227,899 records per incident. Hacking is responsible for 62% of those breaches, which targeted businesses 59% of the time.

Many media outlets have incorrectly reported that the breach occurred on the “Yahoo! Voice” platform, but the service actually affected is “Yahoo! Voices”. The two services are totally different.

Update: Yahoo! provided the following statement at 11:33AM ET:

At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11.


Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to affected users.
