tech

Hackers Breach Yahoo Email And Steal Usernames And Passwords... Again

Late Thursday Yahoo! acknowledged hackers accessed a number of its Mail accounts through a third party and that the affected accounts must now reset their passwords.

By Sadho Ram — 31 Jan 2014, 03:11 PM — Updated almost 11 years ago

Cover image via thinkinc.org.au

Yahoo reported today that hackers have attempted a coordinated attack on a number of Yahoo Mail accounts

Yahoo has admitted that usernames and passwords of its email customers have been stolen and used to access accounts - but has refused to reveal how many.

phys.org
Yahoo reports a cyberattack results in a security breach of the service's email.

Yahoo reports a cyberattack results in a security breach of the service's email.

Image via slate.com

Yahoo is the second-largest email service worldwide, after Google's Gmail, according to the research firm comScore. There are 273 million Yahoo mail accounts worldwide, including 81 million in the U.S.

slate.com

Yahoo believes that the attack was caused by attackers trying to use credentials stolen from a third-party to gain access to users’ mail accounts

Once inside, the software the attackers used was designed to grab the names and email addresses of a user’s most recent sent emails. The company didn’t disclose how many accounts were affected by the attack.

ubergizmo.com
Image from theatlantic.com
Image via theatlantic.com

It’s the second email problem in the last two months for Yahoo and the company said it took immediate action to minimize the damage to users whose accounts were involved.

slate.com

It is not clear why a third-party database would have information on Yahoo accounts

Yahoo said it is resetting passwords on affected accounts and has 'implemented additional measures' to block further attacks.

dailymail.co.uk
Image from dailymail.co.uk
Image via dailymail.co.uk

'Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise,' the firm said.
'We have no evidence that they were obtained directly from Yahoo’s systems.

phys.org

'Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts.

kpvi.com
Marissa Mayer's firm has admitted to a major hack attack - but refused to reveal how many users have been affected

Marissa Mayer's firm has admitted to a major hack attack - but refused to reveal how many users have been affected

Image via dailymail.co.uk

'The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.'
'We regret this has happened and want to assure our users that we take the security of their data very seriously.'

dailymail.co.uk

That could mean hackers were looking for additional email addresses to send spam or scam messages

By grabbing real names from those sent folders, hackers could try to make bogus messages appear more legitimate to recipients.
The bigger danger: access to email accounts could lead to more serious breaches involving banking and shopping sites.

in.com
Image from rawstory.com
Image via rawstory.com

That's because many sites use email to reset passwords.
Hackers could try logging in to such a site with the Yahoo email address, for instance, and ask that a password reminder be sent by email.

dailymail.co.uk

You may be interested in: