Hackers Breach Yahoo Email And Steal Usernames And Passwords... Again
Late Thursday Yahoo! acknowledged hackers accessed a number of its Mail accounts through a third party and that the affected accounts must now reset their passwords.
Yahoo reported today that hackers have attempted a coordinated attack on a number of Yahoo Mail accounts
Yahoo has admitted that usernames and passwords of its email customers have been stolen and used to access accounts - but has refused to reveal how many.
phys.orgYahoo is the second-largest email service worldwide, after Google's Gmail, according to the research firm comScore. There are 273 million Yahoo mail accounts worldwide, including 81 million in the U.S.
slate.comYahoo believes that the attack was caused by attackers trying to use credentials stolen from a third-party to gain access to users’ mail accounts
Once inside, the software the attackers used was designed to grab the names and email addresses of a user’s most recent sent emails. The company didn’t disclose how many accounts were affected by the attack.
ubergizmo.comIt’s the second email problem in the last two months for Yahoo and the company said it took immediate action to minimize the damage to users whose accounts were involved.
slate.comIt is not clear why a third-party database would have information on Yahoo accounts
Yahoo said it is resetting passwords on affected accounts and has 'implemented additional measures' to block further attacks.
dailymail.co.uk'Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise,' the firm said.
'We have no evidence that they were obtained directly from Yahoo’s systems.
'Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts.
kpvi.com'The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.'
'We regret this has happened and want to assure our users that we take the security of their data very seriously.'
That could mean hackers were looking for additional email addresses to send spam or scam messages
By grabbing real names from those sent folders, hackers could try to make bogus messages appear more legitimate to recipients.
The bigger danger: access to email accounts could lead to more serious breaches involving banking and shopping sites.
That's because many sites use email to reset passwords.
Hackers could try logging in to such a site with the Yahoo email address, for instance, and ask that a password reminder be sent by email.