INTERNET PORTAL Yahoo has warned that a hacking attack on its users has forced it to reset some account passwords.
It said that usernames and passwords could have been taken in an assault on a third party server, but didn't identify the victim. However, it did say that the lost data came from recently sent emails.
"Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise. We have no evidence that they were obtained directly from Yahoo's systems," it said.
"Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts' most recent sent emails."
Yahoo said it is doing all it can to get its house back in order, and suggested that in the present hacking climate, users are well advised to use strong passwords.
Affected users will find that Yahoo has reset their passwords and they will have to re-secure their accounts with a second signon verification, either via email or SMS depending on the user.
"We are working with federal law enforcement to find and prosecute the perpetrators responsible for this attack. We have implemented additional measures to block attacks against Yahoo's systems," it added.
"Using the same password on multiple sites or services makes users particularly vulnerable to these types of attacks. We regret this has happened and want to assure our users that we take the security of their data very seriously." µ
It's time for our regular two-step through the Google news
Bug bounty offer: accepted