Over the past weeks, Yahoo identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts. According to Yahoo, a list of Yahoo email credentials was garnered through a database compromise from an entity other than Yahoo. The list was then used to launch a coordinated attack on Yahoo email accounts. Yahoo provided a statement that there was “no evidence that they were obtained directly from Yahoo’s systems” and that they are working with federal law enforcement to find and prosecute the perpetrators responsible for this attack. Additionally, Yahoo immediately reset passwords on the accounts believed to have been compromised and have flagged those accounts as having to use a second sign-in verification in order for users to re-secure their accounts. Users attempting to login to those accounts will be prompted to change their password and will be notified via an SMS text and/or an email sent to a secondary email account notifying them of the change.
Yahoo’s official statement on the matter can be found here http://yahoo.tumblr.com/post/75083532312/important-security-update-for-yahoo-mail-users