"Some of the government addresses were from various [U.S.] intelligence agencies, the FBI, TSA [Transportation Security Administration] and DHS [Department of Homeland Security]," said Carey. "Those, and of course, the .mil accounts, could be used for targeted attacks later."

Yahoo accounts made up less than a third of the 450,000 stolen from an online content-sharing service. (Data: Rapid7.)

Yahoo did not immediately respond to follow-up questions, including whether the leaked addresses and passwords were only from the pool of people who had registered with the Content Network to post their work on the site, or whether others, including those who may have accessed the content via the Voices portal, also needed to be concerned about the breach.

The Yahoo leak, which followed a much larger one last month that involved approximately belonging to LinkedIn members, was another black eye for the online industry.

Several security researchers, including Carey, drew comparisons between the two. "Organizations and users still aren't taking security seriously enough," he said, referring to the constant barrage of credential breaches.