Antivirus software provider Bitdefender urges users to change passwords immediately, after hackers breached Yahoo! Mail services again. The worldâ€™s second-largest email service provider identified a coordinated effort to gain unauthorized access to usersâ€™ accounts, according to a blog post.
The series of usernames and passwords used to execute the attack was likely collected from a compromised third-party database. Yahoo! already sent e-mails prompting affected clients to reset passwords. Notifications are also sent via SMS texts if mobile numbers were linked to the accounts.
“We have no evidence that they were obtained directly from Yahooâ€™s systems,â€ said Yahooâ€™s SVP Platforms and Personalization Products Jay Rossiter. â€œOur ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accountsâ€™ most recent sent emails.â€
The tech company is working with federal law enforcement to find and prosecute the hackers responsible for the attack. In July 2012, more than 450,000 e-mail addresses and passwords were stolen from Yahoo! after hackers managed to breach the service.
“At Yahoo! we take security very seriously and invest heavily in protective measures to ensure the security of our users and their data across all our products,” Yahoo! said at the time.
After the latest attack, the company said: â€œWe regret this has happened and want to assure our users that we take the security of their data very seriously.â€
Bitdefender researchers recently spotted several bad ads injected in Yahoo! Insider through malvertising techniques. In May 2013, Yahoo! Mail also got blocked by browsers in a complex malvertising chain reaction.
Users are advised to reinforce their passwords and change them regularly. They may also enable two-factor authentication, which requires a code texted to their mobile phone whenever a login attempt is made from a new computer.
In January, the word â€œpasswordâ€ was ousted by â€œ123456â€ as the most popular (and worst) password in 2013, after two years in the spotlight.