Several Yahoo Mail subscribers have had their usernames and passwords exposed, the company announced late last night. This hack was due to a third party database, and Yahoo has taken the safeguard action of resetting the passwords of affected users. According to what Yahoo senior VP Jay Rossiter said in a Tumblr post
“Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts, The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails … We have no evidence that they were obtained directly from Yahoo’s systems.”
What we don’t see Rossiter talk about, is who the culprit (third-party database) that contained all the emails is. Worry not, if your account was among the affected, as Yahoo has reset your password automatically — and you should be getting an email or text message (if you’ve set up two-factor authentication) with more information.