Yahoo Mail Account Credential Theft
RISK: High Risk
TYPE: Attacks - Identity Theft
On 30 Jan 2014, Yahoo has identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts. Yahoo has prompted affected users to reset passwords, and issued a notice on the attack.
Yahoo claimed that the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise. There was no evidence that they were obtained directly from Yahoo’s systems. Yahoo found that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.
Yahoo has urged affected users to reset password.
Impact
- Information Disclosure
System / Technologies affected
- Yahoo Mail
Solutions
- If you are prompted to reset password when using Yahoo Mail, please follow the instructions to do so.
- If you are not prompted but doubt your account security, please follow the instructions to change your Yahoo account password: https://help.yahoo.com/kb/mail/password-sln2035.html
- Suggestions to strengthen your account security:
- Do not use the same password for all accounts and services.
- Use strong password.
- Use 2-factor authentication: https://help.yahoo.com/kb/yahoo-account/SLN5013.html
Vulnerability Identifier
- No CVE information is available
Source
Related Link
Share with