Yahoo compromised again?

pineapple
pineapple Posts: 6,934 Forumite
edited 13 May 2013 at 10:08PM in Techie Stuff
Just a heads up for those of us with Yahoo as sometimes these things come in waves and there have been reports of a recent hack.
http://siliconangle.com/blog/2013/04/30/yahoo-mail-hacked-again-serious-questions-raised-about-its-ability-to-protect-users/
I got a mail today from a long lost relative - I should have known by the one word subject ('Hey') but I opened it without thinking then realised straight away what it was.
There was just a (presumably malicious) link inside ending in php.
Which of course I didn't click on! :)

Comments

  • Johnmcl7
    Johnmcl7 Posts: 2,837 Forumite
    I don't know if they've actually ever fixed the security vulnerability that allows the accounts to be compromised as I'm still getting mails from hacked accounts plus people are still asking me how to stop it happening which implies either the vulnerability isn't fixed or there's a long list of hacked accounts they can still work through.

    John
  • securityguy
    securityguy Posts: 2,464 Forumite
    Are you sure the mail is coming from hacked Yahoo accounts, or is it just that the From: is forged to be a yahoo account? The former is Yahoo's problem. The latter is your mail provider's problem, because they should be checking DKIM headers and aren't. Yahoo digitally sign all email that leaves their system, attesting to it being sent from the account, and other providers are meant to discard email that purports to be from Yahoo but doesn't have that signature.

    If Yahoo accounts are being broken into, and mail is emerging from Yahoo with those digital signatures but from hacked accounts, then Yahoo should be sternly criticised. But if what's actually happening is that other providers are not properly using the DKIM information (which Yahoo were one of the first and most consistent users of) then that is their problem.
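The distinction securityguy draws above (a forged From: line versus mail that really left Yahoo's servers with a valid signature), as an added example that is not code from this thread or from Yahoo: it reads the Authentication-Results header a receiving mail server records after checking DKIM. The authserv-id `mx.example.net`, the function names and the sample messages are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Assumption: authserv-id stamped by our own receiving MTA (hypothetical name).
TRUSTED_AUTHSERV = "mx.example.net"

def author_domain(msg):
    """Domain of the address in the From: header, lower-cased."""
    return parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()

def dkim_pass_domains(msg):
    """Signing domains (header.d) with dkim=pass, taken only from
    Authentication-Results headers added by our own MTA."""
    domains = set()
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, results = value.partition(";")
        if authserv.lower().split()[:1] != [TRUSTED_AUTHSERV]:
            continue  # stamped by another host, or injected by the sender
        for result in results.split(";"):
            d = re.search(r"\bheader\.d=([\w.-]+)", result, re.I)
            if d and re.match(r"\s*dkim=pass\b", result, re.I):
                domains.add(d.group(1).lower())
    return domains

def classify(raw):
    """'provider-signed': a passing DKIM signature from the From: domain, so
    the mail really left that provider (a hijacked account if it is spam).
    'from-not-attested': nothing ties the From: domain to the real sender."""
    msg = message_from_string(raw)
    author = author_domain(msg)
    # Simplified matching: same domain, or From: is a subdomain of the signer.
    signed = any(author == d or author.endswith("." + d)
                 for d in dkim_pass_domains(msg))
    return "provider-signed" if author and signed else "from-not-attested"

# Constructed sample messages (not real mail).
GENUINE = ("Authentication-Results: mx.example.net; dkim=pass header.d=yahoo.com\n"
           "From: Relative <relative@yahoo.com>\nSubject: Hey\n\nhi\n")
FORGED = ("Authentication-Results: mx.example.net; dkim=none\n"
          "Authentication-Results: mx.attacker.invalid; dkim=pass header.d=yahoo.com\n"
          "From: Relative <relative@yahoo.com>\nSubject: Hey\n\nhi\n")
OTHER_SIGNER = ("Authentication-Results: mx.example.net; "
                "dkim=pass header.d=bulk.example.org\n"
                "From: Relative <relative@yahoo.com>\nSubject: Hey\n\nhi\n")
```

A `provider-signed` result on spam points at a compromised account at the provider; `from-not-attested` means the receiving side had no signature evidence for the From: domain.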
  • pineapple
    pineapple Posts: 6,934 Forumite
    edited 14 May 2013 at 7:48AM
    Thanks security guy. I don't pretend to understand it. When it happened to me a year or so ago I was alerted because I have a nonsense address in my contact list and that mail was bounced back. So I knew to alert all the people in my contact list. Alarmingly imo - contacts had been sent mail using existing headers in my mailbox :huh:
    A check revealed that my account had been accessed via Messenger which I don't even use! Maybe I opened it accidentally one day. It's my major beef with the new Yahoo - all this stuff in the left pane. Useful if you use it, garbage if you don't.
    If I remember correctly, many others were compromised at the same time.
    Fortunately I wasn't locked out of my mail. I did all the usual things - password changes, virus scans.... But then I took my contact list out of Yahoo. It's a pain I know as you can't just automatically click on a contact but if we all did that - surely that would reduce these incidences?
    I do have a Fastmail account and am thinking of switching permanently. I've never heard of any problems with that.
  • mttylad
    mttylad Posts: 1,519 Forumite
    Yes, it's coming from Yahoo's servers.

    It's a big problem and I am getting spam from different yahoo & BTyahoo users every day (I run several yahoo groups).

    Changing the password is about all that can be done.
  • Johnmcl7
    Johnmcl7 Posts: 2,837 Forumite
    securityguy wrote: »
    Are you sure the mail is coming from hacked Yahoo accounts, or is it just that the From: is forged to be a yahoo account? The former is Yahoo's problem. The latter is your mail provider's problem, because they should be checking DKIM headers and aren't. Yahoo digitally sign all email that leaves their system, attesting to it being sent from the account, and other providers are meant to discard email that purports to be from Yahoo but doesn't have that signature.

    If Yahoo accounts are being broken into, and mail is emerging from Yahoo with those digital signatures but from hacked accounts, then Yahoo should be sternly criticised. But if what's actually happening is that other providers are not properly using the DKIM information (which Yahoo were one of the first and most consistent users of) then that is their problem.

    All the ones I've seen have come from Yahoo themselves, the spammers are using the compromised mailbox's contacts to send the spam to. The format has been the same in each of the ones I've seen with a single link to a health/diet product.

    John
  • spud17
    spud17 Posts: 4,431 Forumite
    Johnmcl7 wrote: »
    All the ones I've seen have come from Yahoo themselves, the spammers are using the compromised mailbox's contacts to send the spam to. The format has been the same in each of the ones I've seen with a single link to a health/diet product.

    John

    That's exactly the same as I posted about last Friday (10th May).
    May 10, 2013 11:41 Browser Logged In Belarus
    May 10, 2013 11:41 Browser Mail Access Belarus
    May 10, 2013 11:40 Yahoo! Mobile Logged In Ukraine
    The only contact available to use was in the sent folder, left from when I tested the account in 2007(?) by sending an email to a now long disappeared address. It bounced and I've viewed the source and it does mention a weight loss/diet product.
    For the record the password consisted of upper/lower case etc and was not a dictionary word.
    So is something amiss with Yahoo's security?
    Move along, nothing to see.
  • securityguy
    securityguy Posts: 2,464 Forumite
    Fairly lengthy account of how actual accounts were compromised a few months ago:

    http://thenextweb.com/insider/2013/03/06/despite-its-efforts-to-fix-vulnerabilities-yahoos-mail-users-continue-reporting-hacking-incidents/

    Worrying it's still happening, but of course accounts might have been compromised and saved for later.
This discussion has been closed.