Hackers broke into Yahoo!’s free email service, stealing the passwords and usernames of an undisclosed number of the firm’s 273 million accounts worldwide.
The company disclosed scant details of the coordinated hack attack, saying it had teamed up with federal law enforcement in the US, where 81 million accounts are registered, to investigate the security breach.
In a blog post on the company’s site, Yahoo! said "the information sought in the attack seems to be names and email addresses from the affected accounts' most recent sent emails."
Yahoo! said it recently discovered the breach, and suspects that malware was employed to take the user information from an undisclosed third party database.
"We have no evidence that they were obtained directly from Yahoo!'s systems," wrote Jay Rossiter, the senior vice president in charge of Yahoo!’s platforms and personalization products.
Apart from seeking out and ultimately prosecuting those responsible for the attack, Rossiter said Yahoo! had “implemented additional measures to block attacks against Yahoo!’s systems.”
The company also reset the passwords of those affected, and sent out text messages to them so that they could “re-secure their accounts.”
Yahoo! is reportedly the second-largest worldwide email service, after Google's Gmail, making it a likely target for hackers and online scammers.
The firm recognized this threat, acknowledging “security attacks are unfortunately becoming a more regular occurrence.”
"It's an old trend, but it's much more exaggerated now because the programs the bad guys use are much more sophisticated now," Avivah Litan, a security analyst at the technology research firm Gartner, told AP. "We're clearly under attack."
Analysts said that access to email accounts is part and parcel of more serious breaches which target online banking and shopping. Security experts have warned users against using one password across multiple sites, although this does not account for the problem of email accounts being used to reset passwords.
For example, hackers could attempt to log into a user’s bank account and ask for a password reminder to be sent by email.
Collecting as much information about an individual as possible also facilitates identity theft.
In December, a hardware outage in one of Yahoo!’s storage systems left around 1 million users without access to their email accounts.