TRENDING:

Yahoo: Malware Prompts Password Reset

Unauthorized Access to Mail Accounts Confirmed Jeffrey Roman (gen_sec) • January 31, 2014    
Yahoo: Malware Prompts Password Reset

Yahoo is advising an undisclosed number of users to reset their passwords following a malware attack that led to unauthorized access to Yahoo Mail accounts.

See Also: Live Webinar | Cybersecurity in Healthcare Supply Chains: A CISO Perspective

"Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise," says Jay Rossiter, senior vice president, platforms and personalization products, in a post to the company's blog. "We have no evidence that they were obtained directly from Yahoo's systems," he says.

The investigation shows that malware used the list of usernames and passwords to access Yahoo Mail accounts, the company says.

"The information sought in the attack seems to be names and e-mail addresses from the affected accounts' most recent sent e-mails," Rossiter says.

As a result of the attack, Yahoo is working with users to reset passwords on affected accounts and is offering a second sign-in verification to allow users to secure their accounts. The company is also cooperating with federal law enforcement on an investigation.

The company did not immediately respond to a request for more information about the incident.

Past Incidents

Earlier in January, malicious advertisements served on Yahoo may have compromised thousands of European users' devices with malware, says security vendor Fox-IT, which discovered the exploit (see: Europeans Hit by Malicious Ads on Yahoo).

The company also was struck by a hacktivist attack in July 2012. A hacking group calling itself D33Ds Company posted more than 400,000 Yahoo usernames and passwords online (see: 400,000 Yahoo! Passwords Hacked). Yahoo confirmed that an older file from the Yahoo Contributor Network, previously Associated Content, containing approximately 400,000 Yahoo and other company usernames and passwords, was stolen on July 11. "Of those, less than 5 percent of the Yahoo accounts had valid passwords," the statement notes.

Previous
Target Breach: A Watershed Event
Next
RSA: Malware Impacts 45 Retailers

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.



Around the Network

Ransomware Gangs Find Fresh Ways to Make Victims Pay
Ransomware Gangs Find Fresh Ways to Make Victims Pay
Price Is Right: When Insiders Are Willing to Violate HIPAA
Price Is Right: When Insiders Are Willing to Violate HIPAA
Analysis: Are Darknet Markets Here to Stay?
Analysis: Are Darknet Markets Here to Stay?
Using Tech to Prevent Fraud in Government Loan Program
Using Tech to Prevent Fraud in Government Loan Program
Key Considerations for Privileged Access Management
Key Considerations for Privileged Access Management
How Organizations Can Leverage SASE
How Organizations Can Leverage SASE
Analysis: Is Chinese Database Exposure a Cause for Concern?
Analysis: Is Chinese Database Exposure a Cause for Concern?
The Risks Posed by Mobile Health Apps
The Risks Posed by Mobile Health Apps
Fed Studies Development of Digital Dollar
Fed Studies Development of Digital Dollar
Privacy Framework Proposed to Address HIPAA Gaps
Privacy Framework Proposed to Address HIPAA Gaps

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.