Yahoo reported today that hackers have attempted a coordinated attack on a number of Yahoo Mail accounts.
According to the company’s blog post, Yahoo believes that the attack was caused by attackers trying to use credentials stolen from a third-party to gain access to users’ mail accounts. Once inside, the software the attackers used was designed to grab the names and email addresses of a user’s most recent sent emails. The company didn’t disclose how many accounts were affected by the attack.
In response, Yahoo has reset the passwords of affected accounts, and those hit by the attack will be asked to create a new password when they next log in. For users who turned on Yahoo’s “second sign-in” two-factor authentication system, they may be required to enter a verification code in order to log in, even on computers that they have already used before.
While Yahoo didn’t name names, it seems possible that the massive database of 150 million stolen Adobe IDs (which usually take the form of e-mail addresses) and passwords could have played a role in the attack.
The past few months have been rough for Yahoo Mail. The service got a redesign which many users found frustrating, and was then hit with numerous outages tthat left people without email sometimes for days at a time. While the company has been trying to get Mail back on its feet after all that, today’s announcement seems like more bad news in a parade of frustrations.
Yahoo is still investigating the incident, and says that it’s working with federal law enforcement to find and prosecute the perpetrators of the attack.
For people currently working to restore some semblance of control over their passwords, check out our guide on how to build a better password system.