Yahoo said Thursday it had discovered what it described as a “coordinated effort” by hackers to gain access to a number of Yahoo Mail accounts.
In a ‘security update’ message posted on its Tumblr page, Yahoo’s Jay Rossiter declined to say precisely how many accounts had been compromised, but said it had taken “immediate” action and contacted affected users, prompting them to reset their passwords.
There are known to be some 273 million Yahoo Mail accounts globally, with around 81 million based in the US.
Rossiter said a list of usernames and passwords used in the attack “was likely collected from a third-party database compromise” and that there was currently no evidence that personal data had been taken directly from any of Yahoo’s own servers. Of course, this begs the question: From which third-party database was the information pulled? If Yahoo knows, it didn’t want to say.
Describing its investigation as “ongoing,” Rossiter said the company had so far discovered that “malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts.”
Yahoo said that besides contacting those affected, it had already reset passwords on impacted accounts and was using second sign-in verification to enable users to choose a new password. It added that it’s now working with federal law enforcement in an effort to find those responsible, and had implemented “additional measures” in an effort to prevent future attacks on its systems.
The last few months have seen a number of high profile cyberattacks – retail giant Target was hit recently by a hack affecting up to 110 million of its online users, while back in October Adobe reported a serious security breach impacting up to 38 million accounts.