Yahoo is resetting passwords on Yahoo Mail accounts following an attempted hack.
In a posting on its official blog, Yahoo described what it called “a coordinated effort to gain unauthorized access to Yahoo Mail accounts.” Using a list of usernames and passwords obtained from “a third-party database compromise,” the attackers attempted to break into those accounts, possibly in search of “names and email addresses from the affected accounts’ most recent sent emails.”
Yahoo promptly reset the passwords on the compromised accounts, and implemented second sign-in verification so those users can re-secure their email handles. “Impacted users will be prompted (if not, already) to change their password and may receive an email notification or an SMS text if they have added a mobile number to their account,” the blog advised.
Yahoo is coordinating with law enforcement to find those behind the attack, in addition to layering additional security on its backend infrastructure. The blog posting ends with the usual boilerplate about the need for users to maintain different passwords for various online accounts, along with the standard-issue apology for the inconvenience.
While no company ever wants to suffer a data breach (or even deal with an attempted one), Yahoo is at a somewhat delicate juncture in its history. CEO Marissa Mayer has embarked on an aggressive series of acquisitions and talent hires, in a bid to give Yahoo the engineering talent and pre-built audiences it needs to compete more heartily against Google and other online competitors; while those maneuvers have earned the company some buzz over the past few quarters, they haven’t translated into higher revenues or a bigger customer base. Any sign of lax security—or user information leaking onto the broader Web—could have a sizable impact on Yahoo’s attempt to draw in new users.
Fortunately for Yahoo, it seems to have stopped the attackers before they could cause significant damage.