Another database breach: Yahoo! says don't use same passwords on different accounts
Yahoo! has been hit by another bunch of credit card bandits. In the wake of the December Target blitz when upwards of 40 million credit cards were compromised , Yahoo reported dolefully on its website today, ", Security attacks are unfortunately becoming a more regular occurrence. Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts."
Don't duplicate passwords
No numbers were given but Yahoo! said, " Upon discovery, we took immediate action to protect our users, prompting them to reset passwords on impacted accounts."
There was even a hint that the earlier Target attack or other recent attacks might have been a factor.
"The list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise," said Yahoo! We have no evidence that they were obtained directly from Yahoo’s systems. Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails."
Yahoo said to protect their users, "We are resetting passwords on impacted accounts and we are using second sign-in verification to allow users to re-secure their accounts. Impacted users will be prompted (if not, already) to change their password and may receive an email notification or an SMS text if they have added a mobile number to their account."
"We are working with federal law enforcement to find and prosecute the perpetrators responsible for this attack.
"We have implemented additional measures to block attacks against Yahoo’s systems."
Yahoo says to that to to help keep accounts secure " In addition to adopting better password practices by changing your password regularly and using different variations of symbols and characters, users should never use the same password on multiple sites or services. Using the same password on multiple sites or services makes users particularly vulnerable to these types of attacks."
"We regret this has happened and want to assure our users that we take the security of their data very seriously."