You could be forgiven for thinking hackers have been having a field day lately with American companies, from Target to Neiman Marcus and now Yahoo. The internet giant announced Thursday that a coordinated attack had broken into Yahoo Mail accounts using malicious software.
Yahoo did not disclose the number of email accounts that were compromised, but the company advised users to change their passwords. It also said its own security was not breached, and that the leak probably resulted from a successful hack attack on another company. That breach would have allowed hackers to access customer information. Since many people reuse passwords for multiple accounts, the hackers were able to use the information to gain entry to Yahoo Mail accounts.
"We have no evidence that they were obtained directly from Yahoo’s systems," the company said on its blog. But it admitted that cybersecurity attacks are "unfortunately becoming a more regular occurrence" -- telling everyone who hasn't been living under a rock what they already know.
As attacks grow more frequent, companies are no longer able to issue a simple mea culpa to their customers. Indeed, Target and Neiman Marcus, both high-profile recent victims of hack attacks, are now trying to hold onto customers by offering them one year of free credit monitoring and identity-theft protection. The Target data theft reportedly affected some 100 million customers, and the Neiman Marcus attack as many as 1.1 million.
Following the attack on Yahoo, the tech company reset affected users' passwords and assured users that it had implemented additional safeguards to protect their information. It also urged users to create strong passwords, to change them regularly and not to use the same password for multiple accounts.
"Using the same password on multiple sites or services makes users particularly vulnerable to these types of attacks," the company said.