Sunnyvale, Calif. – Yahoo recently identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts. In a Tumblr blog post signed by Jay Rossiter, senior VP, Platforms and Personalization Products of Yahoo, the company said that upon discovery, it took immediate action to protect users, prompting them to reset passwords on impacted accounts.
According to Yahoo’s current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise. Yahoo said it has no evidence that they were obtained directly from Yahoo’s systems. An ongoing Yahoo investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.
Yahoo has taken steps to protect users including resetting passwords on impacted accounts, working with federal law enforcement to find and prosecute the perpetrators responsible for this attack, and implementing additional measures to block attacks against Yahoo’s systems.