A recent update to the Yahoo blog notes a number of Yahoo Mail accounts compromised. The post suggests that the list of usernames and passwords had come from a third party database, not Yahoo’s own systems. Further information indicates the attackers’ target involved recent info on names and email addresses recently used in the compromised accounts.
Yahoo suggest the following for Yahoo Mail accounts compromised:
In addition to adopting better password practices by changing your password regularly and using different variations of symbols and characters, users should never use the same password on multiple sites or services. Using the same password on multiple sites or services makes users particularly vulnerable to these types of attacks.
They note that they’ve taken action to reset passwords for all accounts compromised. Besides that, federal law enforcement has been involved to track down the attackers.
To read the full post with info, head over to the Yahoo Tumblr blog here.