Yahoo confirmed on Thursday that about 400,000 passwords were in fact stolen.
"We confirm that an older file from Yahoo! Contributor Network (previously Associated Content) containing approximately 400,000 Yahoo! and other company users names and passwords was stolen yesterday, July 11," the company said in a statement to CNBC.
Of the stolen passwords, however, less than five percent of the Yahoo accounts had valid passwords, the company said in the statement.
The company is fixing the vulnerability and changing passwords of affected Yahoo users. It is also notifying companies whose accounts may of been compromised, according to the statement.
The security firm Rapid7 said a data file published on the Web contained logins and cleartext passwords for Yahoo as well as several other Internet services, including Google Inc's Gmail and AOL as well as Microsoft Corp's Hotmail, MSN and Live sites.
"It's way bigger than Yahoo," said Rapid7 researcher Marcus Carey. "We can assume that tens of thousands of people on services outside of Yahoo could be compromised."
Chairman Alfred Amoroso acknowledged that Yahoo had experienced a "tumultuous" year at its annual shareholder meeting on Thursday morning. Interim CEO Ross Levinsohn told attendees he was optimistic about the company's progress.
Yahoo spokeswoman Dana Lengkeek did not respond to a request asking her to identify the companies whose credentials were stolen. Officials with Google, AOL and Microsoft could not immediately be reached for comment.
Lengkeek said "an older file" had been stolen from Yahoo Contributor Network, an Internet publishing service that Yahoo purchased about two years ago. It helps writers, photographers and videographers to sell their work over the Web.
The theft follows a breach reported last month by the business networking service LinkedIn, which resulted in the release of some 6.4 million member passwords.
Despite the hacking incident, Yahoo! shares outpaced the NASDAQ on Thursday, trading down .66% to $15.70. The stock is down 2.67% year-to-date.