Yahoo announced Thursday that hackers compromised usernames and passwords from customers using its email service. The company said the data stolen includes information on people that those users have recently corresponded with.
Jay Rossiter, Yahoo’s senior vice president of Platforms and Personalization Products, said in Yahoo’s Tumblr blog that the information was “likely collected from a third-party database compromise” and that they “have no evidence that [the information] was obtained directly from Yahoo’s systems.”
According to Yahoo, the usernames and passwords were used to gain access to the names and email addresses of users’ most recent sent mail.
The Associated Press speculates that this would allow attackers to send spam and scam messages to others using people’s real names in order to appear more legitimate. The usernames and passwords could also be used to gain access to third-party accounts if account holders have the same email logins and passwords for multiple sites.
This is among the latest in a number of recent high-profile security breaches. Target, Neiman Marcus and Michael’s were recently hacked for their customer’s financial information.
Yahoo said they are working with federal law enforcement in an investigation into the attack and have put new measures in place to prevent future attacks. Impacted users will be notified via email or text message.