Some 450,000 email addresses and associated unencrypted passwords have been dumped online by the hacking collective "D33Ds Company" following the compromise of a Yahoo subdomain.
The attackers said that they managed to access the subdomain by leveraging a union-based SQL injection attack, which made the site return more information that it should have.
"We hope that the parties responsible for managing the security of this subdomain will take this as a wake-up call, and not as a threat," they concluded. "There have been many security holes exploited in webservers belonging to Yahoo! Inc. that have caused far greater damage than our disclosure. Please do not take them lightly. The subdomain and vulnerable parameters have not been posted to avoid further damage."