The company said the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise, and not from Yahoo's systems. Malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts' most recent sent emails, the company added.
Yahoo is working with federal law enforcement to find and prosecute the perpetrators responsible for the attack.
Yahoo didn't say how many accounts have been affected. There are 273 million Yahoo mail accounts worldwide, including 81 million in the U.S.
It's the latest in a string of security breaches that have allowed hackers steal personal information using malicious software. Up to 70 million customers of Target stores had their personal information and credit and debit card numbers compromised late last year, and Neiman Marcus was the victim of a similar breach in December.