Yahoo Mail has announced that it has identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts, and following the identification of security breach it is resetting the passwords for effected user accounts. There is not much information available at the moment regarding how it happened and the number of users effected due to this security breach.
Yahoo says the usernames and passwords that were used in the attack were likely obtained from third-party database compromise. Likely these users used the same passwords and usernames for their accounts. If you are using same passwords across different sites, stop that practice and use different passwords for each site.
What you can do to help keep your accounts secure
In addition to adopting better password practices by changing your password regularly and using different variations of symbols and characters, users should never use the same password on multiple sites or services. Using the same password on multiple sites or services makes users particularly vulnerable to these types of attacks.
We regret this has happened and want to assure our users that we take the security of their data very seriously.
Yahoo is resetting these passwords and if you are in the list of affected accounts you should get an SMS if you have a phone number associated with your account. You could also use 2-factor authentication to protect your account. Yahoo says it is working with federal law enforcement to fid the perpetrators responsible for the attack.