Up to 450,000 Yahoo! Voice account usernames and passwords have been stolen and published online.
The credentials, kept in clear text, were reportedly hacked by a group dubbed 'd33ds' and taken from Yahoo.com subdomain dbb1.ac.bf1.yahoo.com, according to security researcher and red team member Rob Fuller.
TrustedSec said the breached appeared to be a SQL injection attack to extract the sensitive information from the database.
The full text was available on the groups' website, which now appears offline.
The group allegedly behind the attack had earlier taken credit for hacking rival groups and the hacking leader board RankMyHack.
Yahoo7 has referred SC to the United States Yahoo office for contact. The company does not promote Yahoo! Voice locally.
Predictably, the most common passwords were '123456', 'password' and 'welcome' while domains Yahoo, Gmail and Hotmail appeared most frequently.
There were 1870 .edu domains, 93 .gov and 81 .mil.