Save over 40% when you secure your tickets today to TNW Conference 💥 Prices will increase on November 22 →

This article was published on January 30, 2014

Yahoo discovers ‘unauthorized access’ to Yahoo Mail accounts, resets passwords on impacted accounts


Yahoo discovers ‘unauthorized access’ to Yahoo Mail accounts, resets passwords on impacted accounts

Users of Yahoo mail should be aware of a security issue with the email service. Yahoo acknowledged that it has identified a “coordinated effort” by some person or group to gain “unauthorized access” to accounts. The company didn’t state how many accounts were affected, but it turns out that those impacted have been prompted to reset their passwords.

Yahoo was clear to state that it has no evidence that the attempted hacking attack came as a result of its systems being compromised. It turns out that malicious computer software was the culprit that helped someone obtain names and email addresses from affected accounts’ most recent sent emails. The company said that it was likely from a third-party database that featured the list of usernames and passwords.

So what’s being done? Yahoo is resetting passwords and implementing second sign-in verification. The company is also working with federal law enforcement agencies to find out who is responsible. Additional measures are also being implemented to help secure Yahoo’s systems.

Two-factor authentication has already been available for a couple of years — Yahoo released it to its Mail users back in 2011. In this instance, Yahoo is probably turning it on for those that have been impacted by this security breach.

This is the latest attempt by hackers to gain access to Yahoo Mail. In 2013, there were multiple instances, including in January when an XSS exploit was to blame for 400 million Yahoo users having their accounts accessed. Following that, the company quietly rolled out an HTTPS option that offers better protection. Last April, the service experienced another attack.

Yahoo says that if your account has been affected, you’ll receive an email notification or an SMS text if a mobile number is linked to the account.

Photo credit: Justin Sullivan/Getty Images

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with


Published
Back to top