Yahoo says it reset passwords for an unspecified number of accounts after detecting an unfolding hack-attack campaign. Yahoo said there’s no evidence that the recent account-hijacking campaign resulted from attackers stealing credentials from Yahoo itself. The company recommends that all account users “add an alternate email address and mobile number to your account” in the event that the account has been compromised. Users should also activate second sign-in verification — its version of two-factor authentication — which sends a six-digit code via SMS to a user’s registered mobile phone number.”]
Source: https://www.darkreading.com/attacks-breaches/yahoo-mail-passwords-act-now