A plain text data dump has been posted on the internet with passwords for email addresses, including those from yahoo.com, gmail.com and aol.com.
Yahoo! was storing the data without it being encrypted, according to Security firm Trustedsec, which has looked into the breach.
In a blog post, Trustedsec said: "The most alarming part of the entire story was the fact that the passwords were stored completely unencrypted and the full 400,000+ usernames and passwords are now public."
“The method for the compromise was apparently a SQL Injection attack to extract the sensitive information from the database.”
Yahoo! is still investigating the claims.
Yahoo! Voice was set up after Yahoo! bought Associated Content for more than £64 million in early 2010.