Yahoo VoIP Voice service has been breached and there are, according to security expert and former hacker Kevin Mitnick, 450,000 email addresses and plain-text passwords floating around the internet.

The info is contained in a 17MB text file that has been released by a group of hackers calling themselves the D33DS Company. Access to the original information is said to have been achieved through use of an SQL injection vulnerability, where databases are accessed through inadequately filtered parameters passing through the web front end.

Whether the passwords were originally stored as plain text in the database or if the hackers had already cracked hashed passwords to produce the file is unclear. The latter would mean that the 450,000 records are just those for which the hackers were able to identify the hashed passwords plain text equivalent, and that, in turn, would also mean that the actual extent of stolen data could be even higher. Yahoo! has yet to answer requests for comment.