Yahoo Mail accounts compromised in coordinated attack
Posted on 31 January 2014.
Unknown attackers have attempted to access a number of Yahoo Mail accounts, the company warned on Thursday, and urged users to change their passwords even if they haven't been affected.


"Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise. We have no evidence that they were obtained directly from Yahoo’s systems," shared Jay Rossiter, Yahoo senior vice president of platforms and personalization products.

"Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails."

The company has performed a password reset on impacted accounts, and affected users will be prompted to re-secure their accounts by changing the password.

"In addition to adopting better password practices by changing your password regularly and using different variations of symbols and characters, users should never use the same password on multiple sites or services," he added. "Using the same password on multiple sites or services makes users particularly vulnerable to these types of attacks."

The company didn't say how many mail accounts have been affected.

The compromised accounts could have been used to send out spam directly, but the collected information (contacts' names and emails) can also be used to make scammy emails from other sources look more legitimate.









Spotlight

Breaking the security of physical devices

Posted on 18 August 2014.  |  In this podcast recorded at Black Hat USA 2014, Silvio Cesare, Director of Anti-Malware Engineering at Qualys, discusses the security measures of a number of household devices and things.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Tue, Aug 19th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //