Hackers have carried out a coordinated effort to gain unauthorized access to Yahoo Mail accounts. Yahoo said in its official blog that –Upon discovery, we took immediate action to protect our users, prompting them to reset passwords on impacted accounts. The hackers were apparently looking for names and email addresses in the most recently sent emails of affected users.
Company said that it had already alerted those affected, and is working with federal law enforcers to find the perpetrators. Although Yahoo didn’t revealed how many accounts were affected, but it is the second-largest webmail provider in the world, with nearly a quarter of a billion accounts, so if it were only a few dozen accounts. The list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise. There is no evidence that they were obtained directly from Yahoo’s systems. Firm said that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts.
Company mentioned several steps taken to protect user account, which are listed below.
- We are resetting passwords on impacted accounts and we are using second sign-in verification to allow users to re-secure their accounts. Impacted users will be prompted (if not, already) to change their password and may receive an email notification or an SMS text if they have added a mobile number to their account.
- We are working with federal law enforcement to find and prosecute the perpetrators responsible for this attack.
- We have implemented additional measures to block attacks against Yahoo’s systems.
Kumar via https://www.binarycse.com/