A plain text data dump has been posted on the internet with passwords pertaining to a wide variety of email addresses, including those from yahoo.com, gmail.com and aol.com.
Yahoo! Voice was set up after Yahoo! bought Associated Content for more than £64 million in early 2010.
Security firm Trustedsec has looked into the breach and claims that Yahoo! was storing the data without it being encrypted.
In a blog post, Trustedsec said: "The most alarming part of the entire story was the fact that the passwords were stored completely unencrypted and the full 400,000+ usernames and passwords are now public."
“The method for the compromise was apparently a SQL Injection attack to extract the sensitive information from the database.”
Computerworld UK contacted Yahoo! for comment but was told that it was still investigating the claims.
Find your next job with techworld jobs