A list of over 450,000 email addresses and plain-text passwords, in a document marked "Owned and Exposed" apparently from users of a Yahoo! service, is in circulation on the internet.
The affected accounts appeared to belong to a voice-over-Internet-protocol, or VOIP, service called Yahoo Voices, which runs on Yahoo’s instant messenger. The Voices service is powered by Jajah, a VOIP platform that was bought by Telefonica Europe BV in 2010.
The dump, posted on a public website by a hacking collective known as D33Ds Company, said it penetrated the Yahoo subdomain using what's known as a union-based SQL injection. By injecting powerful database commands into them, attackers can trick back-end servers into dumping huge amounts of sensitive information