As evidence to why users should not use the same usernames and passwords across sites, it appears that data collected from recent breaches was used to massively hack into user email accounts at Yahoo. Yahoo recognized the attack and has taken steps to reset passwords. Their Security Update was posted on Tumblr today.
According to Yahoo they are taking steps to protect users:
- We are resetting passwords on impacted accounts and we are using second sign-in verification to allow users to re-secure their accounts. Impacted users will be prompted (if not, already) to change their password and may receive an email notification or an SMS text if they have added a mobile number to their account.
- We are working with federal law enforcement to find and prosecute the perpetrators responsible for this attack.
- We have implemented additional measures to block attacks against Yahoo’s systems.