Breaking News

FBI Will Release Statement Today Linking North Korea to Sony Hack
Tweet TWEET

Yahoo Identifies Effort to Break Into Users’ Accounts

Yahoo! Inc. (YHOO), the biggest U.S. Web portal, said it recently identified an effort to break into some users’ Yahoo Mail e-mail accounts.

The list of names and passwords used in the attack was probably taken from a third-party database, Yahoo said yesterday in a blog post. The company said it acted immediately to protect users by prompting holders of affected accounts to reset their passwords and that it’s working with federal law enforcement agencies to find out who was responsible.

The breach follows other issues in the past year with Yahoo Mail, which has more than 100 million daily users. Chief Executive Officer Marissa Mayer has been criticized by some customers for changes she’s made to the organization and design of the service, and Mayer apologized in December for “compounding issues,” including lost messages, users being shut out and trouble with access to other e-mail programs.

There is no evidence that the data was stolen from Yahoo’s computer network, and the third-party database contained user names and passwords that people had used to log in to Yahoo and other sites, said DJ Anderson, a company spokeswoman. The incident highlights the importance of changing passwords regularly across sites, she said. Anderson declined to name the third party or to give the number of accounts involved.

Photographer: David Paul Morris/Bloomberg

Yahoo! Inc., the biggest U.S. Web portal, said it recently identified an effort to break into Yahoo Mail e-mail accounts. Close

Yahoo! Inc., the biggest U.S. Web portal, said it recently identified an effort to... Read More

Close
Open
Photographer: David Paul Morris/Bloomberg

Yahoo! Inc., the biggest U.S. Web portal, said it recently identified an effort to break into Yahoo Mail e-mail accounts.

“Security attacks are unfortunately becoming a more regular occurrence,” the Sunnyvale, California-based company said on its blog. “We regret this has happened and want to assure our users that we take the security of their data very seriously.”

‘Weakest Point’

Free Internet e-mail accounts are particularly susceptible to this kind of breach because they don’t require users to routinely change their passwords, unlike corporate networks, said Lawrence Pingree, a research director at Gartner Inc. (IT) focused on cybersecurity.

“Passwords are a miserable failure,” he said. “We just need to concede that the use of passwords alone is just no longer good enough -- the story here is that we continually see passwords as the weakest point in our security.”

Yahoo shares gained 1.2 percent to $35.31 at the close in New York before the announcement.

To contact the reporter on this story: Jordan Robertson in San Francisco at jrobertson40@bloomberg.net

To contact the editor responsible for this story: Pui-Wing Tam at ptam13@bloomberg.net

Press spacebar to pause and continue. Press esc to stop.

Bloomberg reserves the right to remove comments but is under no obligation to do so, or to explain individual moderation decisions.

Please enable JavaScript to view the comments powered by Disqus.