Bloomberg the Company & Products

Bloomberg Anywhere Login

Bloomberg

Connecting decision makers to a dynamic network of information, people and ideas, Bloomberg quickly and accurately delivers business and financial information, news and insight around the world.

Company

Financial Products

Enterprise Products

Media

Customer Support

  • Americas

    +1 212 318 2000

  • Europe, Middle East, & Africa

    +44 20 7330 7500

  • Asia Pacific

    +65 6212 1000

Communications

Industry Products

Media Services

Follow Us

Yahoo Identifies Effort to Break Into Users’ Accounts

Don't Miss Out —
Follow us on:
Yahoo! Headquarters in Sunnyvale, California
Yahoo! Inc., the biggest U.S. Web portal, said it recently identified an effort to break into Yahoo Mail e-mail accounts. Photographer: David Paul Morris/Bloomberg

Jan. 31 (Bloomberg) -- Yahoo! Inc., the biggest U.S. Web portal, said it recently identified an effort to break into some users’ Yahoo Mail e-mail accounts.

The list of names and passwords used in the attack was probably taken from a third-party database, Yahoo said yesterday in a blog post. The company said it acted immediately to protect users by prompting holders of affected accounts to reset their passwords and that it’s working with federal law enforcement agencies to find out who was responsible.

The breach follows other issues in the past year with Yahoo Mail, which has more than 100 million daily users. Chief Executive Officer Marissa Mayer has been criticized by some customers for changes she’s made to the organization and design of the service, and Mayer apologized in December for “compounding issues,” including lost messages, users being shut out and trouble with access to other e-mail programs.

There is no evidence that the data was stolen from Yahoo’s computer network, and the third-party database contained user names and passwords that people had used to log in to Yahoo and other sites, said DJ Anderson, a company spokeswoman. The incident highlights the importance of changing passwords regularly across sites, she said. Anderson declined to name the third party or to give the number of accounts involved.

“Security attacks are unfortunately becoming a more regular occurrence,” the Sunnyvale, California-based company said on its blog. “We regret this has happened and want to assure our users that we take the security of their data very seriously.”

‘Weakest Point’

Free Internet e-mail accounts are particularly susceptible to this kind of breach because they don’t require users to routinely change their passwords, unlike corporate networks, said Lawrence Pingree, a research director at Gartner Inc. focused on cybersecurity.

“Passwords are a miserable failure,” he said. “We just need to concede that the use of passwords alone is just no longer good enough -- the story here is that we continually see passwords as the weakest point in our security.”

Yahoo shares gained 1.2 percent to $35.31 at the close in New York before the announcement.

To contact the reporter on this story: Jordan Robertson in San Francisco at jrobertson40@bloomberg.net

To contact the editor responsible for this story: Pui-Wing Tam at ptam13@bloomberg.net

Please upgrade your Browser

Your browser is out-of-date. Please download one of these excellent browsers:

Chrome, Firefox, Safari, Opera or Internet Explorer.