Last Thursday Yahoo released a security notice saying unspecified number of Yahoo Mail users got ( usernames and passwords) compromised. As per the yahoo press, the account compromised took place via third party database, and Yahoo has taken reactive steps of resetting the passwords of affected users.
Its unclear from Yahoo that why they allowed third part uses to access their customer’s email address and password. This also throws a question about how Yahoo conducts business and whom are they associated with, when user believes to have their information with yahoo. However none of those information was disclosed in their statement which makes this incident a big one.
“Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise. We have no evidence that they were obtained directly from Yahoo’s systems,” says Yahoo senior vice president of platforms Jay Rossiter.
Furthermore in a statement from Yahoo says they are investigating on this issue “ Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts”
This has been a second issue since start of 2014. Marissa Meyer apologized last month for day long downtime of Yahoo mail and this sound like a big one for Yahoo.