This type of attack is quite common on the internet and together with the remote file inclusion attack makes up for 90% of the well-known vulnerable points of scripts all over the internet.
The hacking group posted 453 000 plain test user/password logins on the internet for everyone to see. While antivirus companies and security experts urge Yahoo users to change their passwords in an effort to prevent spam and other social engineering attacks, the hacking group attacks Yahoo for its poor security.
Yahoo made a public official statement affirming that it values user security and that the recent user list although it’s real it was not extracted from its database. Yahoo declares that the logins are part of an older database dump it had from Yahoo! Contributor Network (previously known as Associated Content).
Yahoo hack comes as no big surprise as some other big online companies like Last.fm, LinkedIn, Formspring and others were hacked not to long ago.