Yahoo has prompted a number of its users to reset their passwords in the wake of an attack on the Yahoo Mail platform.
The hack, which apparently occurred at some point earlier in the week, exposed the names, e-mail addresses, and passwords associated with an undisclosed number of Mail accounts.
"Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise," reps for Yahoo wrote on the company blog. "We have no evidence that they were obtained directly from Yahoo’s systems. Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts."
Yahoo says it has implemented "additional measures" to ramp up security; the company is also working with law enforcement to track down the hackers responsible for the breach. Still, as Tom Simonite of the MIT Technology Review notes, there's plenty we don't know about the incident, including which third-party database was comprised – information that would "set a precedent and raise the stakes for those with large userbases," Simonite writes.
In some ways, of course, this could be viewed as a kind of comeuppance for Yahoo, which couldn't resist thumbing its nose at Google during a recent Gmail outage. (The offending tweets: "Gmail is temporarily unavailable." And then, a few minutes later: "Gmail was temporarily unavailable but now appears to be working again.")
Yahoo subsequently removed the tweets and publicly apologized to Google.