1/30/2014 Yahoo Email data compromised
There was a significant exposure of non-financial information for users of Yahoo email. The scale (the actual number of accounts compromised) has not been disclosed by Yahoo. Yahoo email has 81 million users in the US and 273 million around the world. The scope (what was compromised) is reported to be user names and passwords.
First reported on TheWire.Com (emphasis ours)
Late Thursday [ 1/30/2014 ] Yahoo! acknowledged hackers accessed a number of its Mail accounts through a third party and that the affected accounts must now reset their passwords. If you didn’t know your Yahoo! Mail password, you’re in luck.
In a post on the company blog, Yahoo! says their servers are still safe. But the company acknowledged hackers used a “third-party database compromise” to log in to multiple Yahoo! Mail accounts. The hackers seemed to target “names and email addresses from the affected accounts’ most recent sent emails,” the company said. Yahoo! did not disclose how many accounts were affected.
Source: http://www.thewire.com/technology/2014/01/yahoo-mail-accounts-hacked-hacked-through-third-party/357558/
Second after Google’s Gmail, Yahoo provides 273 million email accounts around the world with 81 million of them for the United States.
Source: http://hosted.ap.org/dynamic/stories/U/US_TEC_YAHOO_SECURITY_BREACH
In addition to contacting the known affected Yahoo posted this on their Tumblr blog:
Important Security Update for Yahoo Mail Users
Security attacks are unfortunately becoming a more regular occurrence. Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts. Upon discovery, we took immediate action to protect our users, prompting them to reset passwords on impacted accounts.
Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise. We have no evidence that they were obtained directly from Yahoo’s systems. Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.
more at: http://yahoo.tumblr.com/post/75083532312/important-security-update-for-yahoo-mail-users