Yahoo Inc. has announced via their Tumblr account that they had detected attacks against some Yahoo Mail accounts which tried to gain unauthorized access to Yahoo Mail accounts.
Security attacks are unfortunately becoming a more regular occurrence. Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts. Upon discovery, we took immediate action to protect our users, prompting them to reset passwords on impacted accounts.
Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.
"Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails," he said.
"We regret this has happened and want to assure our users that we take the security of their data very seriously," Rossiter wrote.
Yahoo has been resetting email accounts that were targeted in an attack apparently aimed at collecting personal information from recently sent messages, the company said Thursday.
The list of usernames and passwords used for the attack was likely collected when another company's database was breached, Jay Rossiter, a Yahoo senior vice president, said in a blog post. He didn't name the third party or say how many accounts were affected.
"We are working with federal law enforcement to find and prosecute the perpetrators responsible for this attack," Rossiter wrote.
Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise. We have no evidence that they were obtained directly from Yahoo’s systems. Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.
What we're doing to protect our users
- We are resetting passwords on impacted accounts and we are using second sign-in verification to allow users to re-secure their accounts. Impacted users will be prompted (if not, already) to change their password and may receive an email notification or an SMS text if they have added a mobile number to their account.
- We are working with federal law enforcement to find and prosecute the perpetrators responsible for this attack.
- We have implemented additional measures to block attacks against Yahoo’s systems.
source - YAHOO
0 comments
Post a Comment