Follow Slashdot stories on Twitter

 


Forgot your password?
Close
typodupeerror
×
Yahoo! Security

Yahoo Mail Resets Account Passwords After Attack 96

Posted by Soulskill from the fallout-from-an-earlier-breach dept.
MAXOMENOS writes: "Last night Yahoo! announced via their Tumblr page that they had detected attacks against some Yahoo Mail accounts. They reset the passwords to all affected accounts, and advised users of good password practices. Quoting: 'Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise. We have no evidence that they were obtained directly from Yahoo's systems. Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts' most recent sent emails.'"
This discussion has been archived. No new comments can be posted.

Yahoo Mail Resets Account Passwords After Attack More

Yahoo Mail Resets Account Passwords After Attack

Comments Filter:

  • The real news (Score:5, Insightful)

    by Anonymous Coward on Friday January 31, 2014 @09:51AM (#46119141)

    The real news is that apparently, Yahoo Mail still exists.

  • Re:WTF (Score:5, Insightful)

    by sl4shd0rk ( 755837 ) on Friday January 31, 2014 @10:37AM (#46119513)

    As for why a 3rd party had the passwords, I think Yahoo need to be quite a bit more forthcoming and explain this.

    Quite feasible that yahoo had nothing to do with it:
    Jimbob creates account on somecrackablesite.com using jimbob@yahoo.com email address. somecrackablesite.com gets cracked and attacker gets DB dump which contains username/email/pass for jimbob. Attacker assumes jimbob used same password for both sites and gains access to yahoo account. This is why using the same password for multiple sites is a big no-no.

  • Re:WTF (Score:4, Insightful)

    by jones_supa ( 887896 ) on Friday January 31, 2014 @11:10AM (#46119777)

    This is why using the same password for multiple sites is a big no-no.

    And flipping that around a bit, it is also a security risk as so many sites allow a password reminder through e-mail. If someone cracks only your e-mail, he can just send these reminder requests around the web and get access to various sites.

  • Re:The real news (Score:3, Insightful)

    by Daniel Hoffmann ( 2902427 ) on Friday January 31, 2014 @11:14AM (#46119813)

    Yahoo mail was once the equivalent to gmail. It had very good UI, speed and storage for its day. All of this when many ISPs still charged for an email account. It is not surprising that many people still hold on to their yahoo mail accounts.

Slashdot Top Deals

He has not acquired a fortune; the fortune has acquired him. -- Bion

Close