The company says a list of user names and passwords ‘was likely collected from a third-party database compromise.’
Yahoo recently announced that it had “identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts,” and had responded by resetting the passwords of all affected accounts and requiring some users to implement two-factor authentication (h/t Graham Cluley).
It’s not clear from the announcement how many accounts are affected.
“Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise,” Yahoo senior vice president for platforms and personalization products Jay Rossiter wrote in a blog post detailing the breach. “We have no evidence that they were obtained directly from Yahoo’s systems. Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts.”
“The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails,” Rossiter added.
As Graham Cluley notes, it’s crucial when choosing a password to select one that’s hard to guess, and never to use the same password on more than one site. A password manager like LastPass, 1Password, RoboForm or KeePass can make that process far simpler.
I am a fan of LastPass myself.