After major e-mail woes in December, Yahoo is has been hit again with another massive problem, Yahoo Mail has been hacked.
This was confirmed by Jay Rossiter, senior vice president of Platforms and Personalization Products at Yahoo, on the firm’s Tumblr blog.
“Security attacks are unfortunately becoming a more regular occurrence. Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts,” he said. “Upon discovery, we took immediate action to protect our users, prompting them to reset passwords on impacted accounts.”
Rossiter said the list of usernames and passwords that were used to execute the attack Relevant Products/Services was likely collected from a third-party database compromise.
“We have no evidence that they were obtained directly from Yahoo’s systems. Our ongoing investigation shows that malicious computer Relevant Products/Services software used the list of usernames and passwords to access Yahoo Mail accounts,” Rossiter said. “The information sought in the attack seems to be names and e-mail addresses from the affected accounts’ most recent sent e-mails.”
Rossiter then outlined what Yahoo is doing to protect Mail users. First, the company is resetting passwords on impacted accounts and using second sign-in verification to allow users to re-secure their accounts. Rossiter said impacted users will be prompted to change their passwords and may receive an e-mail notification or an SMS text if they have added a mobile Relevant Products/Services number to their accounts.
Yahoo is also working with federal law enforcement to find and prosecute the perpetrators responsible for this attack. He said the company has implemented additional measures to block attacks against Yahoo’s systems.