There's no evidence that Yahoo's own systems have been hacked
Yahoo has started resetting the passwords of some users after identifying attempts to hijack their accounts. The company says there’s no evidence that its own systems have been breached.Yahoo says that cybercriminals have been trying to hack into Mail accounts by using credentials stolen from a third-party database.
Cybercriminals are well aware of the fact that many people use the same username/password combination for multiple accounts, so they know that this method can get them at least a few accounts.
Law enforcement has been called in to investigate and Yahoo has implemented additional security measures to block such attacks. It's uncertain how many users are affected.
However, as security expert Graham Cluley points out, if the cybercriminals have tried to hijack Yahoo Mail accounts, it’s possible that they’ll use the compromised credentials to target the customers of other webmail providers as well.
To prevent their accounts from being hijacked, users are advised to set different, strong passwords for each online account, and if possible, enable two-factor authentication.