Yahoo has confirmed that it detected an attack that may have affected an unknown number of Yahoo Mail users. In a post on the Yahoo Tumblr blog, Yahoo says that it has reset passwords for users who may have been affected and is in the process of contacting those users. If a mobile number has been associated with the account, affected users may receive an SMS message notifying them of the password reset. It does not appear, at the moment, that Yahoo’s servers were attacked directly; rather, the email addresses were likely collected from a third-party database that was compromised. Read that as: some other company that has access to Yahoo email addresses had its system compromised. The unasked question is how and why those emails were shared.
Here’s a quote from Yahoo’s statement:
“Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts. Upon discovery, we took immediate action to protect our users, prompting them to reset passwords on impacted accounts.
“Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise. We have no evidence that they were obtained directly from Yahoo’s systems. Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.”
Yahoo says that in addition to resetting passwords it is working with federal law enforcement to investigate the attack and that it has instituted unspecified procedures to block other attacks.
The fact that Yahoo released this news in a public blog post speaks to the seriousness of the matter. I’m sure more information on this will be revealed, and as it is, we’ll bring it to you.