Yahoo is moving forward with the cleanup process following a data breach which resulted in the loss of some 450,000 usernames and password.
The company said that following an investigation it had concluded that the stolen data was collected from a file containing usernames and passwords for Associated Content sites. Yahoo acquired the paid blogging firm in 2010.
Because the data was limited to Associated Content sites, the company said that no Yahoo usernames or passwords were directly lifted in the breach. The company is, however, asking users who joined Associated Content using their Yahoo address prior to 2010 to complete a recovery process which will reset credentials.
"We have taken swift action and have now fixed this vulnerability, deployed additional security measures for affected Yahoo users, enhanced our underlying security controls and are in the process of notifying affected users," the company said.
"In addition, we will continue to take significant measures to protect our users and their data."
Yahoo has moved quickly to address the breach, which is believed to have occurred on 11 July. A hacking group known as D33D Company uploaded a series of encrypted passwords to a third-party site on Thursday, claiming that the breach was not a malicious effort but rather a call for Yahoo and other web application providers to beef up their security protections.
While the incident has proven embarrassing for Yahoo, the danger to users appears to be minimal. The company has estimated that just five per cent of the compromised passwords would have allowed an attacker to actually log into a user's Yahoo account.
Dr Kuan Hon criticises GDPR consent emails that will only eviscerate marketing databases and 'media misinformation'
Apple squashes Steam Link app on 'business conflicts' grounds
Philip Hammond wants to forget rules that the UK agreed with the EU to ban non-European companies from the satellites
Instapaper to 'go dark' in Europe until it can work out GDPR compliance