Yahoo Inc said it had detected a coordinated effort to gain unauthorized access to Yahoo Mail accounts using malicious computer software.
The company, which said there was no evidence that passwords or usernames had been obtained directly from its systems, said it had taken immediate action to protect affected users by prompting them to reset passwords.
"The information sought in the attack seems to be names and email addresses from the affected accounts' most recent sent emails," Yahoo also said in an announcement on its Tumblr site.
The list of usernames and passwords that were used to carry out the attack was likely collected from a compromised third-party database, Yahoo said.
The company said it had implemented additional measures to block attacks against its systems and was using second sign-in verification to allow users to re-secure their accounts. (link.reuters.com/zeg56v)
Company officials could not immediately be reached to identify the database from which the information had been taken.
(Reporting by Chandni Doulatramani in Bangalore; Editing by Ted Kerr)