Yahoo Offically Confirms Email Breach and is Still "Fixing the Vulnerability"
Yahoo has formally confirmed that the Yahoo Voices data breach did come from its servers, and that "approximately" 400,000 email addresses and passwords have been compromised in plain text online.
Currently, security specialists are still analyzing the data and created a script to determine if your email address (which need not necessarily be a @yahoo.com address) is one of those leaked. From an official statement which Yahoo had released, we know that the data came from an older file from the Yahoo Contributor Network, and that less than 5% of the emails had valid passwords.
In the interim, Sucuri, the company which created the script, has also started scrutinizing the breached list. Yahoo has been identified as one of the most common domains in the email list. According to them, 135,599 emails came from yahoo.com, with a further 106,185 from gmail.com, 54,393 from hotmail.com, 24,677 from aol.com, 8,422 from comcast.net, and 6,282 from msn.com.
"123456" was used as the password for 1,666 of the accounts, while "password" was used for 780 of them. Common first names like "Maggie" and "Michael" was also utilized along with other number variations like "123123". It was also noted that the most common length of password is seven characters.
You can check if your account was compromised by heading to this link.
Source: Tech Crunch