The Japanese division of Yahoo may have leaked roughly 22 million user IDs in a hack targeted at their administrative system. According to a news report from SecurityWeek, the extent of the damage is still unknown, but the company presumes user data may have been exfiltrated from Yahoo! Japan servers.
“We don’t know if the file was leaked or not, but we can’t deny the possibility given the volume of traffic between our server and external terminals,â€ representatives told SecurityWeek.
The damage, however, does not extend to the associated passwords or other credentials that may be used for password recovery purposes. Nonetheless, the company took the affected servers offline for further investigation.
Even if the user list does not contain associated passwords, it still can be used by cyber-criminals to either directly send spam e-mail to victims, or sell it on underground forums for top dollar.
As of the moment of writing, no cyber-criminal gang has taken credit for the attack.