Yahoo said it reset passwords for an unspecified number of accounts after detecting an unfolding hack-attack campaign.
"Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts. Upon discovery, we took immediate action to protect our users, prompting them to reset passwords on impacted accounts," said Jay Rossiter, who's in charge of Yahoo's platforms and personalization products, in an "important security update for Yahoo Mail users" blog post. Some related notifications, however, have yet to be made.
To help users recover their accounts, Yahoo said it may force users to employ second sign-in verification -- its version of two-factor authentication -- which sends a six-digit code via SMS to a user's registered mobile phone number, provided they have one on file.