Another day, another breach. In yet another reminder of the importance of using different passwords across different websites, Yahoo said last week that attackers had attempted to gain access to Yahoo Mail accounts using usernames and passwords collected from a breach on a third-party site.
“Recently, we identified a coordinated effort to gain unauthorised access to Yahoo Mail accounts,” Jay Rossiter, Yahoo’s senior vice president for platforms and personalisation products, wrote in a blog post last week. “Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise.”
Rossiter did not say how many accounts were affected, only that Yahoo had reset passwords for affected accounts and added two-step verification, a system that asks users to enter a second, one-time password. The company said it was also working with law enforcement to investigate the breach and had stepped up security on its systems.
Yahoo was affected by a similar attack in 2012, when hackers stole 400,000 usernames and passwords from a Yahoo contributor network. And earlier this year, Yahoo was the target of an attack in which cybercriminals planted malware in advertisements served on Yahoo’s site. When the ad was clicked, the attackers were able to use victims’ computers to mine for Bitcoins, the virtual currency.