A plain text data dump has been posted on the internet with passwords pertaining to a wide variety of email addresses, including those from yahoo.com, gmail.com and aol.com.
Yahoo! Voice was set up after Yahoo! bought Associated Content for more than £64 million in early 2010.
Security firm Trustedsec has looked into the breach and claims that Yahoo! was storing the data without it being encrypted.
In a blog post, Trustedsec said: "The most alarming part of the entire story was the fact that the passwords were stored completely unencrypted and the full 400,000+ usernames and passwords are now public."
“The method for the compromise was apparently a SQL Injection attack to extract the sensitive information from the database.”
Computerworld UK contacted Yahoo! for comment but was told that it was still investigating the claims.