In a blog post published on Thursday, the California-based Internet corporation said it identified “a coordinated effort to gain unauthorized access to Yahoo Mail accounts.”
“The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails,” Yahoo said in its statement.
According to the company, “the list of usernames and passwords that were used to execute the attack” was snatched from a third-party company which the Internet giant did not disclose.
Yahoo has not released any more details about the attack beyond the information in its blog post and says it is working with US federal authorities in order to “find and prosecute the perpetrators responsible for this attack.”
In order to prevent unauthorized access to its users’ accounts, Yahoo is using second sign-in verification to allow users to gain access to their accounts.
“Impacted users will be prompted (if not, already) to change their password and may receive an email notification or an SMS text if they have added a mobile number to their account,” the company said.