Have
your friends recently texted you about spam originating from your Yahoo Mail
account? If so, that may be because you (and many of your friends) were hacked.
Yahoo acknowledged Thursday that attackers now own an undisclosed number of
usernames and passwords to Yahoo Mail accounts. In a blog post, Jay Rossiter,
the senior vice president in charge of Yahoo’s platforms and personalization
products, wrote that the attackers had most likely hacked an external, third-party
database and obtained the information there.
“We
regret this has happened and want to assure our users that we take the security
of their data very seriously,” Rossiter wrote. Yahoo did not say how many
accounts had been compromised, nor when the attacks had taken place. However,
the company says it began notifying users that the attacks had taken place, and
had begun using second sign-in verification to allow users to re-secure their
accounts. Users who have been affected, unsurprisingly, will be asked to change
their password, and may receive an SMS text to that effect, Yahoo said.
Yahoo
said that it was working with federal law enforcement to find the culprits and
would take further precautions to prevent this from happening again.
Finally,
Rossiter stated the obvious: “In addition to adopting better password practices
by changing your password regularly and using different variations of
symbols
and characters, users should never use the same password on multiple sites or
services,” he wrote. “Using the same password on multiple sites or services
makes users particularly vulnerable to these types of attacks.”
In
December, Yahoo Mail went down for several days, stranding about 1 million
users of the service without email—or word from the company. While the outage
began
on Monday, it was Friday before CEO Marissa Mayer apologized on behalf of the
company.
However,
this week Mayer touted Yahoo Mail and services like Flickr as “a strong
foundation for revenue growth,” even as that revenue fell by 6 percent compared
with a year ago.