Yahoo Mail Resets User Passwords After Confirmed Breach

Yahoo Mail Resets User Passwords After Confirmed Breach

Yahoo states info sought in the attack seems to be names and emails from impacted accounts' most recent sent emails.

In a post on its official Tumblr, Yahoo has confirmed it has identified a "coordinated effort" to gain unauthorized access to Yahoo mail accounts, and upon discovery of the breach, it has reset the user passwords on affected accounts. According to company, the attack was indirect, claiming "the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise," and that it has no evidence data was obtained from Yahoo's systems. It adds that the info sought from the hack seems to be names and email addresses from impacted accounts' sent emails.

The company has outlined the steps it's making to protect users, which you can read below.

- We are resetting passwords on impacted accounts and we are using second sign-in verification to allow users to re-secure their accounts. Impacted users will be prompted (if not, already) to change their password and may receive an email notification or an SMS text if they have added a mobile number to their account.

- We are working with federal law enforcement to find and prosecute the perpetrators responsible for this attack.

- We have implemented additional measures to block attacks against Yahoo's systems.

While Yahoo hasn't mentioned how many accounts were compromised, it regrets the attack happened, and claims it wants to assure users that the company takes "the security of their data very seriously."

For those affected, you'll be asked to change your password the next time you log in to Yahoo Mail. In the meantime, if you use the same password on multiple sites, make sure to give those a quick change, too, just to be sure.

Source: Yahoo, Gizmodo

Permalink

A quick security suggestion:

Don't use the same password across multiple sites. If you absolutely have to because you're terrible at remembering things, at the very least keep your e-mail account password different from your regular one. Your e-mail inbox is the easiest way to gain access to everything else you're connected to.

Dead Raen:
A quick security suggestion:

Don't use the same password across multiple sites. If you absolutely have to because you're terrible at remembering things, at the very least keep your e-mail account password different from your regular one. Your e-mail inbox is the easiest way to gain access to everything else you're connected to.

Agreed. Also make sure your PayPal, Amazon, etc. online accounts have different passwords. It's one thing to have your email hacked, but when there's money involved, it gets messier.

*sigh*
This is like the 5th time I've had to change my password for Yahoo because of a security breach on Yahoo's end. Not gonna lie, it's getting kinda annoying.

This will mean at least one person might know my Yahoo password, because I can never remember it.

Neronium:
*sigh*
This is like the 5th time I've had to change my password for Yahoo because of a security breach on Yahoo's end. Not gonna lie, it's getting kinda annoying.

Me too. I've had people log into my account and send spam email to my contacts. My log-in history said it was a mobile phone from Mexico and Eastern Europe. I just changed my password and moved on. I'm finally diversifying my passwords from the 1 I used all through the 2000's.

 

Reply to Thread

Your account does not have posting rights. If you feel this is in error, please contact an administrator. (ID# 72787)