The company said on its official blog that it believed that the attackers were attempting to access the accounts using credentials that had been obtained from a breach of another company’s user database. It did not identify that company.
People frequently use the same passwords on multiple accounts, so hackers attempt to use credentials stolen in one breach to break into multiple types of accounts.
“We have no evidence that they were obtained directly from Yahoo’s systems,”
the company said on its blog.
A Yahoo spokeswoman declined to say how many accounts had been compromised or provide a detailed description, saying that it was the subject of an investigation by federal law enforcement.
The company said on its blog that it had prompted users to reset passwords to protect their accounts.
Source : reuters