Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Yahoo Email Breach Again


  • Please log in to reply
16 replies to this topic

#1 battyhippie

battyhippie

  • Members
  • 422 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 31 January 2014 - 11:17 AM

For those here at Bleeping Computers, read in my paper today that Yahoo is reporting a breach in their email accounts

 

http://www.latimes.com/business/technology/la-fi-tn-yahoo-mail-breach-number-users-not-disclosed-20140130,0,3294421.story

 

http://news.yahoo.com/yahoo-mail-accounts-breached-stolen-passwords-004559692.html

 

http://news.yahoo.com/yahoo-mail-accounts-breached-stolen-passwords-004559692.html

 

Basically, Yahoo is telling their email users to change their passwords.



BC AdBot (Login to Remove)

 


#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 32,867 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:26 AM

Posted 31 January 2014 - 01:34 PM

A major security breach of Yahoo email accounts has been reported and personally changed all my passwords immediately to a new STRONG & SECURE password. All users should do this immediate as hackers can use a hijacked account to reset passwords used for banking, credit cards, or other sensitive accounts.

YAHOO Email Security Breach - Change Your Password

Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise. We have no evidence that they were obtained directly from Yahoos systems. Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts most recent sent emails.

Important Security Update for Yahoo Mail Users
Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#3 battyhippie

battyhippie
  • Topic Starter

  • Members
  • 422 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 31 January 2014 - 01:39 PM

@ Quietman7

 

I posted this in general chat...want to squash it?



#4 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 32,867 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:26 AM

Posted 31 January 2014 - 03:50 PM

No need to do that...I just merged it with this one so both are in the News section.
Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#5 battyhippie

battyhippie
  • Topic Starter

  • Members
  • 422 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 31 January 2014 - 04:54 PM

Okay, Thank-you, Quietman7!



#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 32,867 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:26 AM

Posted 31 January 2014 - 04:56 PM

Not a problem...this area is really where information like this should be posted.
Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#7 sikntired

sikntired

  • Members
  • 514 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:USA
  • Local time:05:26 AM

Posted 31 January 2014 - 07:26 PM

Prior to Yahoo release started a thread due to having an email breach here:                

http://www.bleepingcomputer.com/forums/t/522543/explanation-please/

 

But thanks for additional info.

 

 

Edit for spelling.


Edited by sikntired, 31 January 2014 - 08:00 PM.


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 32,867 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:26 AM

Posted 31 January 2014 - 08:10 PM

This area is where information like this is posted so check daily.
Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#9 noknojon

noknojon

    Almost Retired


  • Members
  • 9,896 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria Australia
  • Local time:09:26 PM

Posted 01 February 2014 - 05:02 AM

Already changed mine last week, but I may need to do it again this week -

 

The scammers have already asked me to confirm my new password .............



#10 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:26 AM

Posted 02 February 2014 - 12:25 PM

I would also change all user account passwords that are associated with your yahoo or ymail email address, just incase those have been breached.

1) Bank Sites
2) Cell / Phone Bill Sites
3) Credit Card Sites
4) Power and Utility Sites
5) eCommerce Sites
6) Medical Sites
7) and others

I would also be on the look out for Tax Spam as well since it could be scammers asking to verify your information to proceed with tax stuff since it is tax season in the US.

#11 saluqi

saluqi

  • Members
  • 272 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:southern San Joaquin Valley, Calfornia
  • Local time:03:26 AM

Posted 02 February 2014 - 09:06 PM

I do not use Yahoo! mail, never have and probably never will - but I do receive mails sent from there by various people, I am among other things a busy list owner and moderator and have to deal with anything from 200 to 2000 emails daily.  Is there anything to fear there?

 

I am also member or moderator of about 40 lists hosted on Yahoogroups - any dangers there?  so long as I have the usual safeguards in place?  At the moment, subject to change, Avast! Internet Security, WinPatrol, SpywareBlaster, the MVPS "hosts" file, and scans every few days with Malwarebytes' Anti-Malware . . .  Most of those lists are low volume but perhaps a dozen are the opposite (aargh! <G>).

 

Of course we see phishing mails on those lists, they are mostly easy to spot ... every once in a while somebody's address book gets hijacked, that too is usually pretty obvious ... is there something I am missing here?

 

A few years ago spammers used my own address to send out mail - thousands or millions of spam messages got sent mostly to addresses in the former Soviet Union or in eastern Asia, a second round included addresses in western Europe ... for a while I was getting up to 100 "undeliverable mail" notices a day, when the spammers used obsolete or invalid addresses ... I traced the spammers' IP to Saudi Arabia (where I used to live, long ago) but since they changed IPs every few hours we didn't pursue it ... changed passwords on everything of course, but don't really know if that helped.

 

Back when I was a corporate IS manager we forced global password changes at regular and frequent intervals ... but that was 20 years ago and life wasn't so dangerous back then.  Still, multi million dollar transactions ... the only crooks we actually found were within the company ...



#12 Bread&Butter

Bread&Butter

  • Members
  • 24 posts
  • OFFLINE
  •  
  • Local time:06:26 AM

Posted 03 February 2014 - 03:33 PM

I'm a yahoo mail user and frankly I'm over yahoo. Can anyone recommend another mail site that I can use that's less likely to get compromised and has better security? Thunderbird? Safe-mail.net etc....



#13 cryptodan

cryptodan

    Bleepin Madman


  • Members
  • 21,868 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Catonsville, Md
  • Local time:10:26 AM

Posted 03 February 2014 - 03:35 PM

Thunderbird is a mail client, but I would recommend Gmail.

#14 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 32,867 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:06:26 AM

Posted 03 February 2014 - 04:06 PM

I agree with cryptodan...Gmail.
Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#15 leyla.m.cervantes

leyla.m.cervantes

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:04:26 AM

Posted 03 February 2014 - 04:17 PM

I'm moderator/group owner of a social network site currently operating on Yahoo. I heard about the recent security breach on Yahoo. Other than each individual user changing their password, what's the best way to assure users of Yahoo sites for social networking are afforded the greatest amount of personal privacy? Is there anything I can do as a moderator to help assure my site and group are protected from exposure to future attacks?






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users