Yahoo! Mail usernames and passwords stolen in latest breach
Yahoo! Mail is the second largest email service in the world and many of its user's names and passwords have been stolen in the latest security breach. Yahoo!'s blog has a recent post that states, "Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise. We have no evidence that they were obtained directly from Yahoo’s systems."
Yahoo! has 273 million accounts, yet the extent of the security breach has not been fully explained. Instead, Yahoo!'s blog post states, "security attacks are unfortunately becoming a more regular occurrence," which isn't news. Yahoo said the usernames and passwords weren’t collected from its own systems, but from a third-party database. Usernames and passwords can be used for identity theft as well as signing into other services because many people tend to use the same password across services.
The latest breach comes to Yahoo! just as it is striving to regain respectability. The company's profile has been high behind some recent acquisitions and bolstering of their key services. The company stated the steps they are willing to take.
What we’re doing to protect our users
-
We are resetting passwords on impacted accounts and we are using second sign-in verification to allow users to re-secure their accounts. Impacted users will be prompted (if not, already) to change their password and may receive an email notification or an SMS text if they have added a mobile number to their account.
-
We are working with federal law enforcement to find and prosecute the perpetrators responsible for this attack.
-
We have implemented additional measures to block attacks against Yahoo’s systems.
What you can do to help keep your accounts secure
In addition to adopting better password practices by changing your password regularly and using different variations of symbols and characters, users should never use the same password on multiple sites or services. Using the same password on multiple sites or services makes users particularly vulnerable to these types of attacks.
We regret this has happened and want to assure our users that we take the security of their data very seriously.
For more information, please check our Customer Care help page.
By Jay Rossiter, SVP, Platforms and Personalization Products
Reader Comments