On Thursday Yahoo said that email accounts were forced to reset after a hacker attacked the service in order to acquire personal information from the user's recently sent messages.
Jay Rossiter, a Yahoo Senior Vice President said, that the suspect's username and passwords that were used for the attack were likely collected from data breach with another company. The third party company's name was not released.
Rossiter wrote in an official statement, “We are working with federal law enforcement to find and prosecute the perpetrators responsible for this attack. The hackers used a malicious software program to access email accounts with the stolen usernames and passwords.”
Free email services such as Google, Yahoo and Microsoft make for excellent targets for hackers who want to delivering spam in order to launch attacks and acquire private information. However, Rossiter never stated where the attacks occurred. A Yahoo spokesman said that the company could not share information while the investigation is still ongoing.
Yahoo did say that it would be resetting passwords for those users whose accounts were affected and would also be using the second sign-in verification system to ensure users that their accounts were secure. This feature would send a one-time passcode to the user’s phone and could be entered into a Web-based form to access the account.
Rossiter continued by stating that, “Yahoo has also implemented additional measures to block attacks against Yahoo’s systems. We regret this has happened and want to assure our users that we take the security of their data seriously.”
He advised that all users change their passwords on a regular basis and not reuse the same password for their Yahoo Mail on other Web services.