internet security: Yahoo email accounts hacked

In the past week I have received emails from 2 friend’s Yahoo email accounts — sent by hack­ers!  The emails con­tained a link which, had I clicked it, would have done who knows what.

The hack­ing attack which was used to take con­trol of my friends email accounts used a secu­rity vul­ner­a­bil­ity at Yahoo to copy an access cookie that had been issued from Yahoo.  This access cookie gave the hack­ers full access to the email account until the cookie expired. This attack did require my friends to click on a link, either in a web­site or in an email.

What you should take away form this? Don’t click on sus­pi­cious links!  If you have any doubts about a link in an email con­tact the sender to con­firm it’s legit­i­macy.  If you don’t know where a link is going to send you then it is sus­pi­cious.  Also keep in mind that the text of link may not reli­ably reflect the tar­get.  If you mouse over a link your com­puter should show you the full URL where it will take you — if it is dif­fer­ent or odd do not click it!

If you want more infor­ma­tion on the spe­cific Yahoo secu­rity break Arstech­nica has writ­ten an excel­lent arti­cle: how yahoo allowed hack­ers to hijack my neigh­bors e-mail account

If you think you were the vic­tim of this or another email hack there are some steps I strongly rec­om­mend you take:

  • change your pass­word — both in this account and any­where else you used the same pass­word.  Don’t for­get that the hack­ers had access to all you emails, can google your name and email, or just guess other web­sites or accounts you might have logins with.  I sug­gest using dif­fer­ent pass­words when pos­si­ble, espe­cially for sen­si­tive logins like bank­ing and email.
  • check your email accounts secu­rity set­tings to ensure they have not been changed — wouldn’t want the hack­ers to gain access via a future lost pass­word secu­rity ques­tion
  • inform your con­tacts your account had been hacked and not to click on any links they may have received.  You might have exposed them to the same hack and they may not real­ize they have been com­pro­mised
author: