Skip to main content

Yahoo Mail Account Credential Theft

Last Update Date: 4 Feb 2014 11:50 Release Date: 4 Feb 2014 4051 Views

RISK: High Risk

TYPE: Attacks - Identity Theft

TYPE: Identity Theft

On 30 Jan 2014, Yahoo has identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts. Yahoo has prompted affected users to reset passwords, and issued a notice on the attack.

 

Yahoo claimed that the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise. There was no evidence that they were obtained directly from Yahoo’s systems. Yahoo found that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.

 

Yahoo has urged affected users to reset password.


Impact

  • Information Disclosure

System / Technologies affected

  •  Yahoo Mail

Solutions


Vulnerability Identifier

  • No CVE information is available

Source


Related Link