TRENDING:

Yahoo: Malware Prompts Password Reset

Unauthorized Access to Mail Accounts Confirmed Jeffrey Roman (gen_sec) • January 31, 2014    
Yahoo: Malware Prompts Password Reset

Yahoo is advising an undisclosed number of users to reset their passwords following a malware attack that led to unauthorized access to Yahoo Mail accounts.

See Also: Webinar | The Future of Adaptive Authentication in Financial Services

"Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise," says Jay Rossiter, senior vice president, platforms and personalization products, in a post to the company's blog. "We have no evidence that they were obtained directly from Yahoo's systems," he says.

The investigation shows that malware used the list of usernames and passwords to access Yahoo Mail accounts, the company says.

"The information sought in the attack seems to be names and e-mail addresses from the affected accounts' most recent sent e-mails," Rossiter says.

As a result of the attack, Yahoo is working with users to reset passwords on affected accounts and is offering a second sign-in verification to allow users to secure their accounts. The company is also cooperating with federal law enforcement on an investigation.

The company did not immediately respond to a request for more information about the incident.

Past Incidents

Earlier in January, malicious advertisements served on Yahoo may have compromised thousands of European users' devices with malware, says security vendor Fox-IT, which discovered the exploit (see: Europeans Hit by Malicious Ads on Yahoo).

The company also was struck by a hacktivist attack in July 2012. A hacking group calling itself D33Ds Company posted more than 400,000 Yahoo usernames and passwords online (see: 400,000 Yahoo! Passwords Hacked). Yahoo confirmed that an older file from the Yahoo Contributor Network, previously Associated Content, containing approximately 400,000 Yahoo and other company usernames and passwords, was stolen on July 11. "Of those, less than 5 percent of the Yahoo accounts had valid passwords," the statement notes.

Previous
Target Breach: A Watershed Event
Next
RSA: Malware Impacts 45 Retailers

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.



Around the Network

Cyber Confidence: Why it Matters
Cyber Confidence: Why it Matters
John Halamka on Privacy, Security of Mayo Clinic Platform
John Halamka on Privacy, Security of Mayo Clinic Platform
Cybersecurity Chief on 2020 National Cybersecurity Policy
Cybersecurity Chief on 2020 National Cybersecurity Policy
Quantum-Proof Cryptography: What Role Will It Play?
Quantum-Proof Cryptography: What Role Will It Play?
How This CISO Handles Security in Multiple Business Sectors
How This CISO Handles Security in Multiple Business Sectors
Analysis: Smart TV Risks
Analysis: Smart TV Risks
AI, Machine Learning and Robotics: Privacy, Security Issues
AI, Machine Learning and Robotics: Privacy, Security Issues
How the Adversarial Mindset Is Making Cybersecurity Better
How the Adversarial Mindset Is Making Cybersecurity Better
Reflections on Cloud Strategies & Security
Reflections on Cloud Strategies & Security
Analysis: A Better Approach to Cyber Defense
Analysis: A Better Approach to Cyber Defense

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.