Yahoo acknowledged late Thursday that its email service has been compromised by a "coordinated effort" to gain usernames and passwords to Yahoo Mail accounts.
The company said on its official blog that it believed that the attackers were attempting to access the accounts using credentials that had been obtained from a breach of another company's user database.
It did not identify that company.
"Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts," the company wrote on its Tumblr blog.
A Yahoo spokeswoman declined to say how many accounts had been compromised or provide a detailed description, saying that it was the subject of an investigation by federal law enforcement.
Yahoo Mail is the second largest email provider -- behind Google's Gmail -- with 273 million accounts, around a third in the United States.
People frequently use the same passwords on multiple accounts, so hackers attempt to use credentials stolen in one breach to break into multiple types of accounts.
"We have no evidence that they were obtained directly from Yahoo's systems," the company said.
The company said on its blog that it had prompted users to reset passwords to protect their accounts.
Here's what Yahoo recommends to keep your account secure:
- Change your password regularly.
- Never use the same password on multiple sites, a practice Yahoo says makes people particularly vulnerable.
- Use different variations of letters, numbers and symbols.
- Beware of "phishing" emails that ask you to update passwords or enter other personal information.
ReutersCopyright © 2014, The Baltimore Sun