Blender (we)blog > internet security > internet security: Yahoo email accounts hacked
security breached Yahoo emails hacked

internet security: Yahoo email accounts hacked


Warning: count(): Parameter must be an array or an object that implements Countable in /var/www/vhosts/blender.ca/httpdocs/wrdprss/wp-content/plugins/related-links-blender/includes/core.php on line 111

In the past week I have received emails from 2 friend’s Yahoo email accounts — sent by hack­ers!  The emails con­tained a link which, had I clicked it, would have done who knows what.

The hack­ing attack which was used to take con­trol of my friends email accounts used a secu­rity vul­ner­a­bil­ity at Yahoo to copy an access cookie that had been issued from Yahoo.  This access cookie gave the hack­ers full access to the email account until the cookie expired. This attack did require my friends to click on a link, either in a web­site or in an email.

What you should take away form this? Don’t click on sus­pi­cious links!  If you have any doubts about a link in an email con­tact the sender to con­firm it’s legit­i­macy.  If you don’t know where a link is going to send you then it is sus­pi­cious.  Also keep in mind that the text of link may not reli­ably reflect the tar­get.  If you mouse over a link your com­puter should show you the full URL where it will take you — if it is dif­fer­ent or odd do not click it!

If you want more infor­ma­tion on the spe­cific Yahoo secu­rity break Arstech­nica has writ­ten an excel­lent arti­cle: how yahoo allowed hack­ers to hijack my neigh­bors e‑mail account

If you think you were the vic­tim of this or another email hack there are some steps I strongly rec­om­mend you take:

  • change your pass­word — both in this account and any­where else you used the same pass­word.  Don’t for­get that the hack­ers had access to all you emails, can google your name and email, or just guess other web­sites or accounts you might have logins with.  I sug­gest using dif­fer­ent pass­words when pos­si­ble, espe­cially for sen­si­tive logins like bank­ing and email.
  • check your email accounts secu­rity set­tings to ensure they have not been changed — would­n’t want the hack­ers to gain access via a future lost pass­word secu­rity question
  • inform your con­tacts your account had been hacked and not to click on any links they may have received.  You might have exposed them to the same hack and they may not real­ize they have been compromised

Related Posts:

Security Fail Whale - Twitter Hackedsecu­rity alert twit­ter hacked — Twit­ter announced on Fri­day Feb­ruary 1st they had been hacked. 250k accounts may be affected. The stolen data included accounts, emails, addresses, and passwords. 

Security Fail - LinkedIn HackedSECURITY: LinkedIn Pass­words Com­pro­mised — It is very impor­tant you change your pass­word at LinkedIn. A 6+ mil­lion pass­word list has been released.

author:
Tags:
Comment...

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *

continue reading...

  • Recent Posts

  • Categories

  • Archives

    • about blender.ca 2.5

    The blender.ca 2.5 website is constructed in HTML and styled through CSS. Javascript and various javascript libraries are used for the animations and dynamic content, but through careful design are not required. Our blog is WordPress with a custom theme based on our website. Supporting code: JQuery, JQuery Tools, Roundabout, Skrollr and Cufon.

    Valid HTML5!

    Map to Blender Design Headquarters
    Blender
    +-