Yahoo has detected a coordinated effort to illegally access its mail accounts, after which it is resetting passwords of all the effected accounts.
The internet company is working with federal law enforcement to investigate the issue and revealed that hackers collected lists of user names and passwords from a third-party database and used to execute the attack.
Yahoo Platforms and Personalisation Products SVP Jay Rossiter said that currently there is no evidence that they were obtained directly from Yahoo's systems.
"Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts," Rossiter said.
"The information sought in the attack seems to be names and email addresses from the affected accounts' most recent sent emails.
According to the company, currently second sign-in verification is being used to allow users to re-secure their accounts, while users will be notified to change their password via an email notification or an SMS text if a mobile number is added.
"In addition to adopting better password practices by changing your password regularly and using different variations of symbols and characters, users should never use the same password on multiple sites or services," Rossiter suggested.
"Using the same password on multiple sites or services makes users particularly vulnerable to these types of attacks."