Yahoo says it has identified an attempted hack on customers’ email accounts.
It said the usernames and passwords for accounts were likely to have been collected from a database owned by a third party that had been compromised.
It has reset passwords on all affected accounts and has implemented an extra verification step when users sign in.
The company said it was working with law enforcement to find out who was responsible for the attack.
It has not revealed how many Yahoo email accounts have been affected.
“Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts,” said a statement on Yahoo’s Tumblr page written by Jay Rossiter, a senior vice-president at the company.