Yahoo certainly had some fun kicking Gmail while it was down last week — a particularly bold move considering its own recent share of missteps. But in a bit of an uncomfortable karmic twist (at least from Yahoo’s point of view), the company has taken to Tumblr to acknowledge a recent mass of security attacks with the vaguest details possible.
Based on the announcement, while attacks on Yahoo Mail accounts are becoming a “regular occurrence”, its the most recent (and presumably largest) security breach that’s prompted Yahoo to take action. According to the update:
Recently, we identified a coordinated effort to gain unauthorised access to Yahoo Mail accounts. Upon discovery, we took immediate action to protect our users, prompting them to reset passwords on impacted accounts.
Yahoo claims that all of the usernames and passwords that may have been compromised came from some “third-party database” and that it “has no evidence that they were obtained directly from Yahoo’s systems”. By lifting the usernames and passwords from Yahoo Mail users, the attackers were apparently looking to acquire the names and email addresses of the affected accounts’ most recent sent messages.
If your account was in fact one of the ones affected, Yahoo should be automatically resetting your password, and you’ll be prompted to change it the next time you log in. Yahoo will also be taking unspecified “additional measures”. Comforting. [Yahoo]