The company also provided more information about whose passwords had been pilfered.

"We have...now fixed this vulnerability, deployed additional security measures for affected Yahoo! users, enhanced our underlying security controls and are in the process of notifying affected users," the company announced in a post to its early Friday.

Yahoo has offered no specific information about the attack, how it was carried out or even when. It Thursday.

The hacker group D33Ds Company took responsibility for the breach, saying it had exploited a basic SQL injection vulnerability in a Yahoo service to steal the usernames and passwords associated with 453,000 accounts. The group and email addresses on the Web.

Yahoo also confirmed that the stolen account credentials belonged to registered users of its Yahoo Contributor Network, which was previously known as Associated Content.