Yahoo confirms theft of 450K unencrypted passwords

12.07.2012

Yahoo said it was "fixing the vulnerability that led to the disclosure of this data," but did not confirm that the bug had actually been quashed. The company was also changing the passwords of affected Yahoo members.

"We apologize to all affected users," said Yahoo.

Almost a third -- 30.3% -- of the leaked email addresses were ones from yahoo.com, while 23.6% were Gmail addresses and 12.2% were Hotmail addresses, said security company Rapid7, which did a quick analysis of the data published on the Web Wednesday.

Aol.com, comcast.com, msn.com, sbcglobal.com, live.com, verizon.net and bellsouth.net addresses rounded out the top 10.

Also included in the cache, said Marcus Carey, security researcher at Rapid7, were 123 government email accounts -- ones ending with ".gov" -- and 235 military-related addresses (ending with ".mil").