Yahoo caught wind of an attempted, coordinated hack to gain access to its Yahoo Mail accounts and the company is prompting the owners of affected accounts to reset their passwords, according to the company’s blog.
A malicious computer software apparently used a list of Yahoo Mail usernames and passwords to try to get the names and email addresses from recent send emails.
Yahoo says that the list of usernames and passwords that was used to execute the attack was likely collected from a third-party database, not from Yahoo’s own system.
Here’s what Yahoo says it’s doing to protect users:
- We are resetting passwords on impacted accounts and we are using second sign-in verification to allow users to re-secure their accounts. Impacted users will be prompted (if not, already) to change their password and may receive an email notification or an SMS text if they have added a mobile number to their account.
- We are working with federal law enforcement to find and prosecute the perpetrators responsible for this attack.
- We have implemented additional measures to block attacks against Yahoo’s systems.
The company also warns users to adopt good password practices, like changing their password regularly, using different variations of symbols and characters, and never using the same password on multiple sites.
“Using the same password on multiple sites or services makes users particularly vulnerable to these types of attacks,” the company writes.