The California company did not disclose the extent of the breach, but said that it is asking those affected to change their passwords.
“Security attacks are unfortunately becoming a more regular occurrence,” Yahoo senior vice president for platforms and personalization products Jay Rossiter said in a blog post.
“We regret this has happened and want to assure our users that we take the security of their data very seriously.”
A malicious computer program armed with Yahoo Mail passwords and usernames apparently slipped into accounts aiming to glean names and addresses from messages that had been sent, according to Rossiter.
Yahoo recently discovered the invasion and suspected that the passwords were snatched from a third-party database that the company did not disclose.
“We have no evidence that they were obtained directly from Yahoo’s systems,” Rossiter said.
Yahoo said it was working with federal authorities to investigate the breach.