Yahoo has said that it will be resetting passwords of several users after it identified a “coordinated effort to gain unauthorised access” to those users Yahoo Mail accounts. The company did not share much detail about the attack, like how many accounts were affected.
It did say, however, that the attackers used information from a third-party whose database was compromised; and that there was no evidence that the information came from Yahoo’s own systems.
Yahoo has said that impacted accounts will have their passwords reset and will require users to verify themselves. Users may also receive an email notification or SMS alert – the latter if the user has added their mobile number to their account. It has also confirmed that they will work with law enforcement to find and prosecute the attackers.
via Yahoo Blog