A bad month for Yahoo Mail just got worse. The company said today that it has detected "a coordinated effort" to hack into Yahoo Mail accounts, and reset passwords for the accounts that are affected. A spokeswoman declined to say how many accounts were affected, and said the company is working with federal law enforcement as part of its investigation.
The attack on Yahoo appears to be indirect: In a post on its official Tumblr, Yahoo said that attackers apparently obtained a list of usernames and passwords from a third-party database and used it in an effort to gain unauthorized access to victims' accounts. "We have no evidence that they were obtained directly from Yahoo's systems," the company said.
Users who have associated a phone number or secondary email address with their account may be required to use it to regain access to their account. The company said it has also implemented unspecified "additional measures" to prevent future attacks like this one. "We regret this has happened and want to assure our users that we take the security of their data very seriously," the company said.