Some of Yahoo’s email accounts were compromised, in what the company termed “a coordinated effort to gain unauthorized access to Yahoo Mail accounts”.
Yahoo immediately reset the passwords for the affected accounts and stepped up their security by taking additional measures to prevent such attacks. The company is also working with federal law enforcement to find out the culprits responsible for this attack.
After analyzing the attack, Yahoo determined that the list of usernames and passwords that were used to execute the attack was possibly harvested from malicious computer software. They found no evidence that the login information was obtained from their own systems, but acknowledged that the attackers targeted names and email addresses from the affected accounts’ recently sent emails. However they have not announced the number of accounts which were compromised.
In a way to restore the compromised accounts to their rightful owners, Yahoo have reset the passwords and enabled the second sign-in verification system, aka the Two-factor authentication system for the compromised accounts. They have said that affected users will receive an email notification or an SMS text if they have added to their email account.