Yahoo didn't specify the name of the third-party and didn't disclose number of affected users. After learned about the unauthorized access, Yahoo is sending password reset mail to all impacted accounts.
The company also said in its official statement that they have found no evidence that the credentials were compromised directly from its server. Their investigation revealed a malicious software is using the login credentials to access Yahoo mail accounts.
The company said that it is now working with federal law enforcement to find the cause of the unauthorized access. Additional measures also implemented to secure its server.
Yahoo says if your account is affected by this breach, you will get a notification through your yahoo email or SMS if a phone number is linked to your account.