Yahoo Mail accounts breached through third-party database hacking
An unidentified number of Yahoo email accounts were recently breached, the company revealed this afternoon. Affected users have already been notified, and Yahoo says it's doing everything it can to both track down the perps responsible and re-secure breached accounts (not to mention everyone else's). Rather than breaching Yahoo's servers directly, email addresses and passwords were "likely" lifted from a third-party database (read: Netflix, Gmail, Facebook, etc. -- some other service with a login), according to Yahoo. "We have no evidence that they were obtained directly from Yahoo's systems," the company said. The software used to secure the stolen information accessed users accounts and attempted to sweep for "names and email address from the affected accounts' most recent sent emails."
We asked Yahoo how many accounts were affected and were told the company can't share any specifics due to an ongoing criminal investigation. Like its messaging from today, a rep told us:
"Users can help keep their data secure by adopting better password practices. They should change their password regularly, use different variations of symbols and characters, and make it a habit to never to use the same password on multiple sites or services. Using the same password on multiple sites or services makes users particularly vulnerable to these types of attacks."
