Great, Now Yahoo E-mail Addresses & Passwords Have Been Stolen

yahoologoIn news that makes you long for the days of handwritten correspondence, Yahoo has announced that usernames and passwords for an unspecified number of users have been compromised.

“Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts,” writes the company that is not Google on its Tumblr page. “Upon discovery, we took immediate action to protect our users, prompting them to reset passwords on impacted accounts.”

The statement continues:

“Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise. We have no evidence that they were obtained directly from Yahoo’s systems. Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.”

Yahoo says it is resetting passwords on accounts affected by the breach and requiring secondary sign-in verification for these users to prove they are who they claim to be.

If affected account-holders have associated a wireless number with their account, Yahoo may notify these users by text that they need to change their password.

Yahoo says it is working with (the very busy) federal law enforcement to investigate.

Even if you are not told to reset your Yahoo password, you would be well advised to do so as you’d hate to find out too late that this data breach is larger than initially thought.

And just as a reminder, you should never use the same username/password pairing on multiple sites.

Read Comments2

Edit Your Comment

  1. smirkette says:

    So who was responsible for maintaining this third-party database? What was it used for? Inquiring minds and all.

  2. furiousd says:

    Password reuse is a big problem
    http://xkcd.com/792/

    Of course, a bigger issue is what’s caused the reuse problem: complicated password creation dictated by poor password rules
    https://xkcd.com/936/