Yahoo has announced it has detected a mass hack attempt on Yahoo Mail. In a statement posted on its Tumblr page, the company called the mass hack a “coordinated effort to gain unauthorized access to Yahoo Mail accounts”.
It however refused to disclose the number of accounts that were affected.
“It’s possible that they’ve yet to nail down an exact number. Given that it was enough to disclose the news in a public blog post, it’s presumably a non-trivial amount,” TechCrunch said.
Indications however emerged that Yahoo’s own servers were compromised — instead, it looks like someone is firing off a bunch of login attempts using emails/passwords secured from an unnamed “third-party database compromise”.
“The attackers got someone else’s database of usernames/passwords, and are mass-checking for accounts that use them same credentials on Yahoo Mail,” TechCrunch suggested.
In response to the attack, Yahoo has reset the passwords of all accounts that appear to have been affected.
If you’re trying to log in and Yahoo is asking you to change your password and verify your identity via SMS, this is probably why.
