Yahoo! Inc. (YHOO), the biggest U.S. Web portal, said it recently identified an effort to break into some users’ Yahoo Mail e-mail accounts.
The list of names and passwords used in the attack was probably taken from a third-party database, Yahoo said yesterday in a blog post. The company said it acted immediately to protect users by prompting holders of affected accounts to reset their passwords and that it’s working with federal law enforcement agencies to find out who was responsible.
The breach follows other issues in the past year with Yahoo Mail, which has more than 100 million daily users. Chief Executive Officer Marissa Mayer has been criticized by some customers for changes she’s made to the organization and design of the service, and Mayer apologized in December for “compounding issues,” including lost messages, users being shut out and trouble with access to other e-mail programs.
There is no evidence that the data was stolen from Yahoo’s computer network, and the third-party database contained user names and passwords that people had used to log in to Yahoo and other sites, said DJ Anderson, a company spokeswoman. The incident highlights the importance of changing passwords regularly across sites, she said. Anderson declined to name the third party or to give the number of accounts involved.
“Security attacks are unfortunately becoming a more regular occurrence,” the Sunnyvale, California-based company said on its blog. “We regret this has happened and want to assure our users that we take the security of their data very seriously.”
Free Internet e-mail accounts are particularly susceptible to this kind of breach because they don’t require users to routinely change their passwords, unlike corporate networks, said Lawrence Pingree, a research director at Gartner Inc. (IT) focused on cybersecurity.
“Passwords are a miserable failure,” he said. “We just need to concede that the use of passwords alone is just no longer good enough -- the story here is that we continually see passwords as the weakest point in our security.”
To contact the editor responsible for this story: Pui-Wing Tam at firstname.lastname@example.org