1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Yahoo mail has been hacked again

Discussion in 'BlackHat Lounge' started by bartosimpsonio, Feb 15, 2017.

  1. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    12,767
    Likes Received:
    11,425
    Occupation:
    COINZ
    Location:
    BUYAH
    Home Page:
    Dear XXXXXXXXXX,

    We are writing to inform you about a data security issue that involves your Yahoo account. We have taken steps to secure your account and are working closely with law enforcement.

    Our outside forensic experts have been investigating the creation of forged cookies that could allow an intruder to access users’ accounts without a password. Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account. We have connected some of the cookie forging activity to the same state-sponsored actor believed to be responsible for the data theft we disclosed on September 22, 2016. Those users targeted by the state-sponsored actor were sent an additional notification like the one found here: https://help.yahoo.com/kb/SLN26995.html.

    We invalidated the forged cookies and hardened our systems to secure them against similar attacks. We continuously enhance our safeguards and systems that detect and prevent unauthorized access to user accounts.

    We encourage you to follow these security recommendations:
    • Review all of your accounts for suspicious activity.
    • Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
    • Avoid clicking on links or downloading attachments from suspicious emails.

    Additionally, please consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether.


    For More Information

    For more information about this issue and our security resources, please visit the Yahoo Account Security Issue FAQs page available at https://yahoo.com/security-update.

    Protecting your information is important to us and we work continuously to strengthen our defenses.

    Sincerely,

    Bob Lord
    Chief Information Security Officer
    Yahoo
     
  2. Sherbert Hoover

    Sherbert Hoover Jr. Executive VIP Jr. VIP

    Joined:
    Dec 26, 2010
    Messages:
    1,298
    Likes Received:
    10,834
  3. Heisenberg

    Heisenberg Jr. VIP Jr. VIP

    Joined:
    Sep 11, 2014
    Messages:
    720
    Likes Received:
    375
    Occupation:
    Freelancer
    Location:
    Croatia
    Are there people that after these numerous breaches still use yahoo mail? lol
     
    Last edited: Feb 15, 2017
  4. tehnikumapuika

    tehnikumapuika Power Member

    Joined:
    Jan 22, 2013
    Messages:
    530
    Likes Received:
    203
    stupidest thing is that tumblr got together with yahoo, so yahoo mail are for tumblr login.

    And also flickr. Fck.
     
    • Thanks Thanks x 2
  5. datsunguy

    datsunguy Supreme Member

    Joined:
    Sep 30, 2016
    Messages:
    1,468
    Likes Received:
    1,073
    Occupation:
    professional duck
    Location:
    a pond near you
    Home Page:
    Bob get your shit together.
     
    • Thanks Thanks x 4
  6. MorningW0

    MorningW0 Newbie

    Joined:
    Sep 28, 2012
    Messages:
    7
    Likes Received:
    0
    So it happened a second time? Seems this is referencing the one that happened lately. Sucks for them though, I think Verizon was going to buy them or something like that (could be wrong on that).
     
  7. tb303

    tb303 Senior Member

    Joined:
    Dec 18, 2011
    Messages:
    851
    Likes Received:
    539
    This is in relation to the previous two big hacks.

    They havn't been hacked again they are still cleaning up. Poor yahoo 1.5 billion accounts swiped...theres nothing left to hack there surely.
     
  8. goldenkey

    goldenkey Jr. VIP Jr. VIP

    Joined:
    Aug 22, 2015
    Messages:
    346
    Likes Received:
    17
  9. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    12,767
    Likes Received:
    11,425
    Occupation:
    COINZ
    Location:
    BUYAH
    Home Page:
    Worse, folks are using Gmail so all their links get busted.
     
  10. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    12,767
    Likes Received:
    11,425
    Occupation:
    COINZ
    Location:
    BUYAH
    Home Page:
    No this one came in just now, they refer to the old hack in the message....this is a new one....
     
  11. nikchaing

    nikchaing Jr. VIP Jr. VIP UnGagged Attendee

    Joined:
    Apr 24, 2013
    Messages:
    1,114
    Likes Received:
    2,192
    Location:
    Florida
    well your heart is already hacked by breathing all that air that google engineers breath
     
  12. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    12,767
    Likes Received:
    11,425
    Occupation:
    COINZ
    Location:
    BUYAH
    Home Page:
    69c.png
     
    • Thanks Thanks x 5
  13. MisterF

    MisterF Jr. VIP Jr. VIP

    Joined:
    Nov 29, 2009
    Messages:
    7,826
    Likes Received:
    6,320
    Occupation:
    Conference Organiser, Business Advisor.,
    Location:
    JADIP
    Home Page:
    Gotta love the big players security set ups.
     
  14. tb303

    tb303 Senior Member

    Joined:
    Dec 18, 2011
    Messages:
    851
    Likes Received:
    539
    Fair enough. I'm more surprised that after everything that's happened anyone's still using yahoo email. Especially people on this forum who must own at least one domain they can use.
     
  15. topcalibercontent

    topcalibercontent Jr. VIP Jr. VIP

    Joined:
    Sep 24, 2016
    Messages:
    112
    Likes Received:
    64
    Gender:
    Male
    Occupation:
    Writer
    It's like Yahoo is trying to be the worst.

    It is a good case study on how far you can coast off past success.
     
  16. bartosimpsonio

    bartosimpsonio Jr. VIP Jr. VIP Premium Member

    Joined:
    Mar 21, 2013
    Messages:
    12,767
    Likes Received:
    11,425
    Occupation:
    COINZ
    Location:
    BUYAH
    Home Page:
    Right? A domain is $10 and email-inclusive hosting is what...$2 ??? When you're not paying the product is you. Your email is worth U$ 2 a month....
     
  17. asap1

    asap1 BANNED BANNED

    Joined:
    Mar 25, 2013
    Messages:
    4,961
    Likes Received:
    3,185
    RIP Yahoo.
     
    • Thanks Thanks x 1
  18. Perry Bernard

    Perry Bernard Newbie

    Joined:
    Feb 6, 2017
    Messages:
    5
    Likes Received:
    1
    Gender:
    Male
    Location:
    New Zealand
    Home Page:
    I'm a bit interested to have them spell out exactly who the "state-sponsored actor" is.
     
  19. DarkPixel

    DarkPixel Jr. VIP Jr. VIP

    Joined:
    Oct 4, 2011
    Messages:
    1,348
    Likes Received:
    1,252
    Location:
    ↓↓↓↓
    Home Page:
  20. tb303

    tb303 Senior Member

    Joined:
    Dec 18, 2011
    Messages:
    851
    Likes Received:
    539
    Seems to be Russia getting the blame for most things lately. But if you follow the money Verizon have gained the most.