Yahoo Mail Prompts Password Resets After Security Attack

Are you a Yahoo Mail user? The company has issued a press release to note an unauthorized third party attempted access some Yahoo Mail accounts. No numbers were disclosed, but the attack seems large enough for Yahoo to issue a statement:

Security attacks are unfortunately becoming a more regular occurrence. Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts. Upon discovery, we took immediate action to protect our users, prompting them to reset passwords on impacted accounts.

Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise. We have no evidence that they were obtained directly from Yahoo’s systems. Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.

Yahoo says they are resetting passwords on affected accounts (they didn’t disclose how many accounts were involved) and implementing two-step authentication to help users secure their accounts. If you were impacted, Yahoo says you may have received an email or SMS to change your password.