Yahoo Mail has become the target of an email account hacking attempt and now Yahoo is investigating into the same.
On Thursday, January 30, Yahoo alerted its free e-mail service users of the attack, which was allegedly aimed at gathering personal information from recently sent messages. The hackers used stolen passwords to gain access to information.
The company immediately took action and alerted users of compromised accounts to reset their passwords. Yahoo, however, has not revealed the number of accounts that were affected.
"Security attacks are unfortunately becoming a more regular occurrence. Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts. Upon discovery, we took immediate action to protect our users, prompting them to reset passwords on impacted accounts," revealed Jay Rossiter, Yahoo SVP for platforms and personalization products in a blog post.
The company believes that the hackers got hold of a list of user names and passwords from third-party database.
"We have no evidence that they were obtained directly from Yahoo's systems. Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts' most recent sent emails," per Rossiter.
Yahoo also revealed that apart from resetting passwords on impacted accounts, it was also working in tandem with federal law enforcement to "find and prosecute the perpetrators responsible for this attack." To counter the issue, the company has also deployed additional measures to ward off attack against Yahoo's systems.
Use of usernames and passwords to gain access into other websites is a common practice used by cybercriminals and, therefore, it is advisable not to use the same user name and password across other sites. Yahoo has advised against the same as it makes users "vulnerable to these types of attacks".
Yahoo has a two-factor authentication process in place for additional security to guard against such attacks; however, this feature can often be bypassed with ease.
Rossiter has apologized for the breach of security by the company.
"We regret this has happened and want to assure our users that we take the security of their data very seriously," he said.