“We have no evidence that they were obtained directly from Yahoo’s systems,” Jay Rossiter, SVP, Platforms and Personalization Products said in a Tumblr post. “Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.”
This is the latest issue for Yahoo Mail, which came under fire last month for an outage that lasted up to a week for many users. Users were unable to sign-in to their email accounts for the duration of that outage in December, and Yahoo struggled to communicate the issue with its customers until the outage had been resolved.
Yahoo Mail has around one hundred million daily users (according to a recent report by PCMag) so even if a small percentage were affected by the breach, it is still significant. Yahoo made many investments in its email service last year, including apartnership with Dropbox for users to more effectively manage email attachments.
Like web hosting, email is an essential service to many users, and there is a low tolerance for downtime, as evidenced recently by Gmail’s hour-long outage last week.