Yahoo Mail breach confirmed; data of unspecified number of users stolen
Yahoo has confirmed breach of its Yahoo Mail service wherein attackers made away with data related to unspecified number of users.
“Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts”, noted Jay Rossiter, SVP, Platforms and Personalization Products at Yahoo in a blog post.
“Upon discovery, we took immediate action to protect our users, prompting them to reset passwords on impacted accounts.”
Yahoo revealed that upon investigation and current findings it believes that data wasn’t stolen from its servers, but was stolen through a third-party database compromise. “Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts.”
Yahoo hasn’t detailed the total number of affected accounts, but has said that it has reset passwords of affected accounts and “using second sign-in verification to allow users to re-secure their accounts.” Affected users should see a prompt to change their passwords and will even receive an email notification or SMS.
Further, the second largest online email service has also revealed that it is working with law enforcement agencies to nail the perpetrators responsible for the attack.
Rossiter concluded the blog post with the statement: “We regret this has happened and want to assure our users that we take the security of their data very seriously”.
The latest attack on Yahoo Mail isn’t a one off case as back in July 2012 attackers managed to steal around 450,000 email addresses and passwords through Yahoo! contributor network.
Let us know in the comments section if you were affected by this breach.