TRENDING:

Yahoo: Malware Prompts Password Reset

Unauthorized Access to Mail Accounts Confirmed Jeffrey Roman (gen_sec) • January 31, 2014    
Yahoo: Malware Prompts Password Reset

Yahoo is advising an undisclosed number of users to reset their passwords following a malware attack that led to unauthorized access to Yahoo Mail accounts.

See Also: The Essential Guide To Machine Data

"Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise," says Jay Rossiter, senior vice president, platforms and personalization products, in a post to the company's blog. "We have no evidence that they were obtained directly from Yahoo's systems," he says.

The investigation shows that malware used the list of usernames and passwords to access Yahoo Mail accounts, the company says.

"The information sought in the attack seems to be names and e-mail addresses from the affected accounts' most recent sent e-mails," Rossiter says.

As a result of the attack, Yahoo is working with users to reset passwords on affected accounts and is offering a second sign-in verification to allow users to secure their accounts. The company is also cooperating with federal law enforcement on an investigation.

The company did not immediately respond to a request for more information about the incident.

Past Incidents

Earlier in January, malicious advertisements served on Yahoo may have compromised thousands of European users' devices with malware, says security vendor Fox-IT, which discovered the exploit (see: Europeans Hit by Malicious Ads on Yahoo).

The company also was struck by a hacktivist attack in July 2012. A hacking group calling itself D33Ds Company posted more than 400,000 Yahoo usernames and passwords online (see: 400,000 Yahoo! Passwords Hacked). Yahoo confirmed that an older file from the Yahoo Contributor Network, previously Associated Content, containing approximately 400,000 Yahoo and other company usernames and passwords, was stolen on July 11. "Of those, less than 5 percent of the Yahoo accounts had valid passwords," the statement notes.

Previous
Target Breach: A Watershed Event
Next
RSA: Malware Impacts 45 Retailers

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.



Around the Network

Digital IDs: A Progress Report
Digital IDs: A Progress Report
Guarding Against COVID-19 Fraud Schemes
Guarding Against COVID-19 Fraud Schemes
Ransom Demands: What Happens If Victims Pay or Don't Pay?
Ransom Demands: What Happens If Victims Pay or Don't Pay?
Using AI & ML to Mitigate Threats
Using AI & ML to Mitigate Threats
'Ripple20' Flaws in Medical Devices: The Risks
'Ripple20' Flaws in Medical Devices: The Risks
Sizing Up Security Challenges for Telecom Companies
Sizing Up Security Challenges for Telecom Companies
Analysis: Mitigating Risks in Multicloud Environments
Analysis: Mitigating Risks in Multicloud Environments
Analysis: Keeping IoT Devices Secure
Analysis: Keeping IoT Devices Secure
Using AI for Improved Threat Detection
Using AI for Improved Threat Detection
PCI Council's Efforts to Fight Fraud During COVID-19 Crisis
PCI Council's Efforts to Fight Fraud During COVID-19 Crisis

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.