Yahoo Japan, which has little to do with the Yahoo that's buying Tumblr, has revealed that it believes some 22 million IDs may have been leaked in an attack that the company discovered and stopped as it happened.Yahoo Japan believes the attackers were attempting to get their hands on IDs and probably whatever else they could get their hands on.
The company is unsure how much – if anything – got out. They intercepted the file containing the 22 million IDs while it was on Yahoo’s servers and it's unclear if attackers were able to grab it or not. Yahoo cut off access as soon as it detected the intrusion.
Even if they have, the file only contains IDs, not passwords or any other data. Users can check whether their ID was one of those affected and may want to change their password, though the danger is small.