Yahoo on Thursday said it deflected an attack on its systems.
“Security attacks are unfortunately becoming a more regular occurrence. Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts. Upon discovery, we took immediate action to protect our users, prompting them to reset passwords on impacted accounts,” the company said in a blog posting.
It added: “Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise. We have no evidence that they were obtained directly from Yahoo’s systems. Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.”
Yahoo said that passwords will be reset for impacted accounts, and they’re using a second sign-in verification to allow Yahoo Mail users to secure their accounts.
Yahoo also said it’s working with federal law enforcement to find the perpetrators.