In a blog post, the company said that the attack appears to have come from a third party database being compromised, and not an infiltration of Yahoo's own servers. The blog post says the perpetrators were likely looking for the names and email addresses in the most recently sent emails of affected users.
Yahoo said that the affected users have already been notified, though it's not clear how widespread the attack was. The company said it's working with federal law enforcement to find those responsible for the attempted breach. Because of that investigation, Yahoo said it could not comment beyond what it has publicly said in the blog post.
It's been a tough go recently for Yahoo Mail users. Last month, a small number of users on the service experienced a, and, in some cases, users saw a backlog of email from up to two weeks.
The company was criticized during the outage for its public relations efforts during the incident. In this case, Yahoo apologized for the attempted attack right off the bat. "We regret this has happened and want to assure our users that we take the security of their data very seriously," the blog post said.