Attack started with the theft of user credentials from a third-party database. Yahoo says it had no evidence that the usernames and passwords came from its own systems. The incident highlights the dangers people face when using the same credentials for multiple sites. People do not know the kind of security that will be used to protect the data and they have no idea what personal information will be collected, experts say. For businesses, the attack is a reminder of the importance of having additional layers of protection.”]
Source: https://www.csoonline.com/article/2134367/yahoo-attack-places-spotlight-on-identity-management.html