On Thursday, Yahoo announced its email service had been hit by a coordinated cyberattack resulting in the usernames and passwords of an undisclosed number of Yahoo Mail accounts to be compromised. The company said the information was stolen from a third party database. The accounts were then accessed to gather information about recently emailed addresses. It’s the second email problem in the last two months for Yahoo and the company said it took immediate action to minimize the damage to users whose accounts were involved.
Yahoo’s Jay Rossiter outlined the breach in a blog post on Thursday.
Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise. We have no evidence that they were obtained directly from Yahoo’s systems. Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.
There are 273 million Yahoo email accounts worldwide, making it the second largest email provider behind Google’s Gmail, according to the Associated Press. Eighty-one million of those accounts are in the U.S. Here are some of the potential implications of the security breach from the AP:
[It] could mean hackers were looking for additional email addresses to send spam or scam messages. By grabbing real names from those sent folders, hackers could try to make bogus messages appear more legitimate to recipients…The bigger danger: access to email accounts could lead to more serious breaches involving banking and shopping sites. That's because many people reuse passwords across many sites, and also because many sites use email to reset passwords. Hackers could try logging in to such a site with the Yahoo email address, for instance, and ask that a password reminder be sent by email.
TODAY IN SLATE
I was hit by a teacher in an East Texas public school. It taught me nothing.
Chief Justice John Roberts Says $1,000 Can’t Buy Influence in Congress. Looks Like He’s Wrong.
After This Merger, One Company Could Control One-Third of the Planet's Beer Sales
Hidden Messages in Corporate Logos
If You’re Outraged by the NFL, Follow This Satirical Blowhard on Twitter
Giving Up on Goodell
How the NFL lost the trust of its most loyal reporters.