2nd UPDATE: Yahoo Confirms Theft of Passwords from Users

Yahoo Inc. (YHOO) said it is investigating a data breach that allowed a hacker group to download about 453,000 unencrypted user names and passwords, a revelation that also threatened users' email accounts with other providers.

The Sunnyvale, Calif., company said the compromised user information belongs to Yahoo Voices, a self-publishing service once known as Associated Content. A hacking organization called D33Ds Co. posted the stolen data on its website and appended a note describing the download "as a wake-up call and not as a threat." The group said it aims to expose Yahoo's vulnerabilities.

Yahoo noted that less than 5% of the Voices accounts had still-valid passwords.

The hacked file also included the email addresses--such as those from AOL Inc. (AOL) and Google Inc.'s (GOOG) Gmail--that people used to register for the Yahoo Voices service. The passwords listed were those used to log into Yahoo Voices, but in some cases also were the same ones used for the email addresses.

AOL and Gmail said they responded by finding out which customers were still using the compromised Yahoo passwords and have prompted affected customers to change their logins.

AOL noted that only about 7% of the roughly 25,000 AOL Mail addresses revealed in the Yahoo breach had the same passwords on their email accounts.

"We have definitely had to deal with this in the past," said David Temkin, AOL's mail and mobile chief. He said AOL took similar actions when social-network LinkedIn Corp. (LNKD) earlier this year disclosed that 6.5 million of its encrypted user passwords were stolen.

Yahoo said in an emailed statement it is fixing the vulnerability that led to the data breach. The company also said it is changing affected users' passwords and notifying companies with accounts that might have been compromised.

Constellation Research analyst Ray Wang said Yahoo apparently fell prey to an extremely common kind of database attack that most companies typically take steps to combat.

"This isn't supposed to happen," he said, calling the exploited flaw "an easy thing to prepare for."

The breach came at an awkward time for Yahoo executives, who are working to regain investors' trust after former Chief Executive Scott Thompson resigned in May over embellishments on his resume. The company held its annual shareholder meeting Thursday.

Shares of Yahoo fell 11 cents to $15.69.

Yahoo's latest first-quarter earnings rose 28% with help from its investments in Asian Internet companies, but total revenue inched up about 1%. Interim CEO Ross Levinsohn is seeking to raise the top line by revving up advertisement sales on Yahoo's media websites, though it is still unclear if he will remain at Yahoo's helm with a permanent title.

Yahoo bought Associated Content in 2010 for a reported $100 million. The content platform allows users to write articles, reviews or opinion pieces and pays them based on the number of views the material attracts. The Internet giant rebranded its acquisition as the Yahoo Contributor Network and now offers content through a portal called Yahoo Voices.