TRENDING:

Yahoo: Malware Prompts Password Reset

Unauthorized Access to Mail Accounts Confirmed Jeffrey Roman (gen_sec) • January 31, 2014    
Yahoo: Malware Prompts Password Reset

Yahoo is advising an undisclosed number of users to reset their passwords following a malware attack that led to unauthorized access to Yahoo Mail accounts.

See Also: Webinar | Passwords: Here Today, Gone Tomorrow? Be Careful What You Wish For.

"Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise," says Jay Rossiter, senior vice president, platforms and personalization products, in a post to the company's blog. "We have no evidence that they were obtained directly from Yahoo's systems," he says.

The investigation shows that malware used the list of usernames and passwords to access Yahoo Mail accounts, the company says.

"The information sought in the attack seems to be names and e-mail addresses from the affected accounts' most recent sent e-mails," Rossiter says.

As a result of the attack, Yahoo is working with users to reset passwords on affected accounts and is offering a second sign-in verification to allow users to secure their accounts. The company is also cooperating with federal law enforcement on an investigation.

The company did not immediately respond to a request for more information about the incident.

Past Incidents

Earlier in January, malicious advertisements served on Yahoo may have compromised thousands of European users' devices with malware, says security vendor Fox-IT, which discovered the exploit (see: Europeans Hit by Malicious Ads on Yahoo).

The company also was struck by a hacktivist attack in July 2012. A hacking group calling itself D33Ds Company posted more than 400,000 Yahoo usernames and passwords online (see: 400,000 Yahoo! Passwords Hacked). Yahoo confirmed that an older file from the Yahoo Contributor Network, previously Associated Content, containing approximately 400,000 Yahoo and other company usernames and passwords, was stolen on July 11. "Of those, less than 5 percent of the Yahoo accounts had valid passwords," the statement notes.

Previous
Target Breach: A Watershed Event
Next
RSA: Malware Impacts 45 Retailers

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.



Around the Network

How Has FTC Data Security Enforcement Changed?
How Has FTC Data Security Enforcement Changed?
Privacy: How Technology Is Outpacing Regulation
Privacy: How Technology Is Outpacing Regulation
Stung by Takedowns, Criminals Tap Distributed Dark Markets
Stung by Takedowns, Criminals Tap Distributed Dark Markets
Analysis: New ISO Privacy Standard
Analysis: New ISO Privacy Standard
The Unspoken Insider Threat
The Unspoken Insider Threat
Making the Case for National Unique Patient ID
Making the Case for National Unique Patient ID
Application Security: Why Open Source Components Matter
Application Security: Why Open Source Components Matter
A "Reasonable" Response to Cyber Incidents
A "Reasonable" Response to Cyber Incidents
Analysis: Twitter's Phone Number Repurposing 'Mistake'
Analysis: Twitter's Phone Number Repurposing 'Mistake'
Complying With New York's SHIELD Act
Complying With New York's SHIELD Act

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.