The company said in a blog post that "The information sought in the attack seems to be names and email addresses from the affected accounts' most recent sent emails."
Yahoo says it believes the usernames and passwords weren't collected from its own systems, but from a third-party database. The company says it is resetting passwords on affected accounts and has "implemented additional measures" to block further attacks.
The company would not comment beyond the information in its blog post. It says it is working with federal law enforcement.