Yahoo thwarts web mail cyber attack


Yahoo claims to have thwarted a bid by hackers to gain unauthorised access to its users' email accounts.

The internet giant said in a blog post the list of user usernames and passwords needed to carry out the attack is likely to have been obtained from an attack on a third-party database.

"We have no evidence that they were obtained directly from Yahoo's systems," wrote Jay Rossiter, senior vice president of platforms and personalisation products at Yahoo.

The usernames and passwords were then used by "malicious software" to access people's accounts, according to Yahoo.

"The information sought in the attack seems to be names and email addresses from the affected accounts' most recent sent emails," the post continued.

The company said, upon discovering the attack, it took immediate action to protect affected users by sending out password reset prompts.

"We are resetting passwords on impacted accounts and we are using second sign-in verification to allow users to re-secure their accounts," the company said.

"Impacted users will be prompted (if not, already) to change their password and may receive an email notification or an SMS text if they have added a mobile number to their account."

Furthermore, Yahoo said it is working with law enforcers to bring the people responsible for the attack to justice. It also moved to assure users that additional measures have been put in place to prevent further attacks on its systems.

"We regret this has happened and want to assure our users that we take the security of their data very seriously," the blog post concluded.

Caroline Donnelly is the news and analysis editor of IT Pro and its sister site Cloud Pro, and covers general news, as well as the storage, security, public sector, cloud and Microsoft beats. Caroline has been a member of the IT Pro/Cloud Pro team since March 2012, and has previously worked as a reporter at several B2B publications, including UK channel magazine CRN, and as features writer for local weekly newspaper, The Slough and Windsor Observer. She studied Medical Biochemistry at the University of Leicester and completed a Postgraduate Diploma in Magazine Journalism at PMA Training in 2006.