Yahoo says that there was a coordinated effort to gain unauthorized access to Yahoo Mail accounts. So, if contacts say they’ve been receiving spam e-mail from your address, this may be why.
The company says usernames and passwords were compromised. Yahoo! say their investigation reveals that usernames and passwords used in the attack were probably collected from third-party database and not directly from Yahoo’s database. They didn’t elaborate as to what that database might be and why it had access to that information. Yahoo! has close to 300 million email customers, but they didn’t say how many were affected by this breach.
The attackers were looking for names and email address from the accounts most recently sent e-mails.
Yahoo said they were taking several actions to counter the attack, including resetting passwords on all affected accounts and using second sign-in verification to allow users to re-secure their accounts.
Users will be prompted to change their password. If they have selected mobile notification, they will also have received a text to notifying them of the issue.
The company says it is also implementing additional unspecified measures to block against future attacks. They reminded users to change their passwords regularly and not to use the same password on multiple sites or services.
If you have other accounts that share the same log-in credentials as your Yahoo account, it’s a good idea to change them. Also, if you receive any strange e-mails from friends with Yahoo addresses, you may just want to delete them.