Security Experts:

Connect with us

Hi, what are you looking for?



Yahoo! Voices Hacked – 450,000 Accounts Exposed

Hackers Expose More Than 450,000 Accounts Taken From Yahoo! Voices Service

Hackers Expose More Than 450,000 Accounts Taken From Yahoo! Voices Service

D33ds Company, a group of hackers known for their “Owned & Exposed” posts online, released a massive database dump on Thursday morning, which they took from Yahoo. Configuration details released by the group ties the breach to Yahoo Voices. [Update: Yahoo! has now confirmed this breach, saying an old file had been accessed. Official statement from Yahoo! is included below.]

Yahoo Voices Hacked by D33ds CompanyAlong with posting the database schema, D33Ds Co. released 453,491 email addresses and plain text passwords that were allegedly stored on the server this way.

“We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat,” D33Ds Co. said in a statement alongside the leaked data.

“There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage.”

However, as first mentioned on the TrustedSec blog, the leaked database records contained a hostname –, which ties back to Associated Content, now known as Yahoo Voices. Thus, the likely target in this attack was At the time this story was written, the domain was online boasting some 600,000 contributors.

According to, there were roughly 55,000 Hotmail accounts exposed, 106,000 GMail accounts, and 136,000 Yahoo addresses in the file. Additional stats from security vendor ESET shows 25,000 AOL accounts, 8,500 Comcast accounts, in addition to thousands of accounts for users on MSN,,Verizon, SBC, Cox, Charter, and AT&T.  

Further, DataLossDB also told SecurityWeek that based on the data; there have been 911 data loss related incidents so far this year, exposing 207,615,994 records; or average of 227,899 records per incident. Hacking is responsible for 62% of those breaches, which targeted businesses 59% of the time.

Many media outlets have incorrectly reported that the breach occured on the “Yahoo! Voice” platform, but the correct service in question of the breach is “Yahoo! Voices” — The two services are totally different.

Update: Yahoo! provided the following statement at 11:33AM ET:

At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products. We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday,July 11.

Of these, less than 5% of the Yahoo! accounts had valid passwords. We are fixing the vulnerability that led to the disclosure of this data, changing the passwords of the affected Yahoo! users and notifying the companies whose users accounts may have been compromised. We apologize to affected users.


Related NewsBest Buy Warns Customers of Account Hacking Attempts

Related Insight: The Most Prevalent Attack Techniques Used By Hackers

Written By

Click to comment

Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


A new study by McAfee and the Center for Strategic and International Studies (CSIS) named a staggering figure as the true annual cost of...


The FBI dismantled the network of the prolific Hive ransomware gang and seized infrastructure in Los Angeles that was used for the operation.


Video games developer Riot Games says source code was stolen from its development environment in a ransomware attack


CISA, NSA, and MS-ISAC issued an alert on the malicious use of RMM software to steal money from bank accounts.


Artificial intelligence is competing in another endeavor once limited to humans — creating propaganda and disinformation.


Chinese threat actor DragonSpark has been using the SparkRAT open source backdoor in attacks targeting East Asian organizations.