Yahoo claims to have thwarted a bid by hackers to gain unauthorised access to its users' email accounts.
The internet giant said in a blog post the list of user usernames and passwords needed to carry out the attack is likely to have been obtained from an attack on a third-party database.
"We have no evidence that they were obtained directly from Yahoo's systems," wrote Jay Rossiter, senior vice president of platforms and personalisation products at Yahoo.
The usernames and passwords were then used by "malicious software" to access people's accounts, according to Yahoo.
"The information sought in the attack seems to be names and email addresses from the affected accounts' most recent sent emails," the post continued.
The company said, upon discovering the attack, it took immediate action to protect affected users by sending out password reset prompts.
"We are resetting passwords on impacted accounts and we are using second sign-in verification to allow users to re-secure their accounts," the company said.
"Impacted users will be prompted (if not, already) to change their password and may receive an email notification or an SMS text if they have added a mobile number to their account."
Furthermore, Yahoo said it is working with law enforcers to bring the people responsible for the attack to justice. It also moved to assure users that additional measures have been put in place to prevent further attacks on its systems.
"We regret this has happened and want to assure our users that we take the security of their data very seriously," the blog post concluded.
