Yahoo Mail accounts continue to be hacked despite 'fixes'

Despite Yahoo's efforts to fix 'vulnerabilities', mail users have continued to see their accounts hacked. The company says two isolated security holes have been rectified, but the problems persist.

For months accounts have been compromised, typically after users receive seemingly legitimate emails containing dangerous links. Once a link is clicked, the account is hijacked and used to send similarly harmful messages, usually to as many email addresses as are in the contact list, The Next Web reports.

The problems that users have been experiencing were initially reported in early January, with Yahoo soon admitting security flaws and attempting to rectify them.

Back in January, Shahin Ramezany, an independent hacker, posted a YouTube video demonstrating the way in which a Yahoo account can be compromised by "leveraging a DOM-based cross-site scripting (XSS) vulnerability exploitable in all major browsers". The same day Yahoo sent two statements to media outlets, initially confirming the flaw then following up by reporting the issue was fixed. However, users have outlined identical issues in the past few days.

On further investigation, the full scale of the issues becomes apparent - these are well-orchestrated attacks on vulnerable users. The Next Web offers one user's experience with the issue:

"We were hacked at the end of January. They spammed everyone in the "contact" folder and deleted all the contacts. We just had another Yahoo account hacked yesterday. Not only did it spam the entire "contact" folder, but we are unable to send out e-mails or access our "secret question" to change the password.

"There was a toll-free number to call and when we did we spoke with people who spoke very poor English, and they asked us for a one-time fee of $100 for assistance with the issue. When we refused they hung up on us. We called the number twice, the first time we spoke with a woman and the second time we called and we spoke with a man. Both times we called when we refused the payment of $100 we were hung up on."

(To clarify, the seemingly unhelpful Yahoo support advisor who answered the phone was in fact part of the scamming operation.)

Behind Microsoft and Google, Yahoo is the third largest email provider in the world. Even if only a small percentage of accounts are affected, this can account for millions of users having their personal information shared, stolen and exposed.

Given the clear lack of a fix for the issue, despite Yahoo's assurances all is well, the company may see a large decline in users in the coming weeks.

Source: The Next Web
Image: TheBoxHouston
