Yahoo said its email service recently fell victim to a coordinated cyberattack that resulted in the compromise of an undisclosed number of user accounts.
The Sunnyvale, Calif., tech company announced the attack Thursday, saying it has taken immediate action to protect users who were affected by the breach by prompting them to reset their passwords.
Yahoo did not say how many users were affected by the attack. Yahoo Mail is the second largest email provider -- behind Google’s Gmail -- with 273 million accounts.
The company said it has found no evidence that Yahoo Mail was hacked into. Rather, the emails and passwords used to access users’ accounts were likely obtained from a third-party database that was compromised.
“Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts,” Yahoo said in a blog post.
After breaching accounts, hackers tried to obtain the emails and addresses of people whom the compromised users most recently sent messages to, Yahoo said.
Yahoo said it is working with federal law enforcement to find the hackers behind the attack. Additionally, the company said it has beefed up security to protect users from future attacks.