The login details of up to 450,000 users of the free PC-to-PC calling service Yahoo! Voices have been compromised as a result of the incident, and a hacker group which operates under the name D33ds Company has claimed responsibility.
‘We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat," said the group in a statement initially distributed to Ars Technica.
"There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."
The stolen user data was reportedly made available for download by the group, though the host website was down due to high traffic at the time of writing.
In a statement issued to TechCrunch, Yahoo! acknowledged the incident and asserted that it was taking all possible steps to investigate the incident and prevent future security breaches of this nature.
"At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products," the statement reads.
"We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company usernames and passwords was stolen yesterday, July 11."
Yahoo! says that less than five per cent of the leaked accounts were paired with valid passwords, but has apologised to users and is currently working to correct the vulnerability.
Compromised account holders can expect to be contacted by Yahoo!, and all members have been encouraged to change their passwords on a regular basis as a precautionary measure, as well as read through the organization's online safety guide at their website.
This latest incident follows reports of a security breach at Formspring earlier this week, which saw 420,000 user passwords posted to an online security forum.
That story came less than two months after more than six million hashed passwords belonging to users of business social networking service LinkedIn were uploaded to a Russian online forum.