Yahoo said it is resetting passwords for some of its e-mail users after discovering a coordinated effort to compromise accounts.

Attackers behind the cracking campaign used usernames and passwords that were probably collected from a compromised database belonging to an unidentified third party, according to Jay Rossiter, Yahoo senior vice president of platforms and personalization products, who wrote an advisory published Thursday. A large percentage of people use the same password to protect multiple Internet accounts, a practice that allows attackers holding credentials taken from one site to compromise accounts on other sites. There's no evidence the passwords used in the attack came from Yahoo Systems.

"Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts," Rossiter wrote. "The information sought in the attack seems to be names and e-mail addresses from the affected accounts' most recent sent e-mails."

Yahoo administrators are resetting passwords for all affected accounts. Administrators are also using second sign-in verification to let users resecure their accounts. Affected users will be prompted to change their password. They may also receive an e-mail notification or a text message for accounts that are associated with a mobile phone number.

World of Warcraft, vBulletin, MacRumors, and Adobe are only a tiny sampling of the sites recently hit by attacks that exposed password data. There are many more attacks that go unreported or that can't be linked to a particular site or service.

The full text of Thursday's advisory follows: