Yahoo says it’s investigating reports of a security breach that may have affected nearly half a million users. The company says it’s looking into “claims of a compromise of Yahoo! user IDs” but did not disclose the size of the reported breach or how it may have happened, The Associated Press reports. Tech news websites, including CNET, Ars Technica, and Mashable are reporting a little-known group, the D33D Company, has claimed responsibility for the attack. The group is saying they stole the passwords using an SQL injection — an attack in which hackers use rogue commands to extract data from vulnerable websites. Yahoo’s Head of U.K. Consumer PR Caroline MacLeod-Smith said she couldn’t provide any more details on the breach “as we are still investigating it”.