Yahoo, the world’s second largest email service, has revealed an attempted hack on customer’s email accounts. The company hasn’t said how many accounts have been hacked but it has said it is contacting those who have been affected.
Yahoo is believed to have about 273 million accounts worldwide, including 81 million in the US. If you’ve got a Yahoo account, and haven’t received a notification from the company, it’s worth changing your password anyway, just to be on the safe side.
The company said that malicious computer software had garnered a list of Yahoo usernames and passwords. It added that it believed these details were stolen from a third-party database and not its own systems.
Apparently the attackers tried to get names and addresses from the most recent sent emails of the compromised accounts.
By taking these details from sent folders hackers could try to make bogus messages appear legitimate. These bogus messages could be used in a phishing trawl and hackers could embed Trojans in the emails.
However, the email details could also be used for other breaches such as accessing banking and shopping sites. Hackers could try logging in to such sites with the Yahoo email address, for instance, and ask that a password reminder be sent by email.
This could then be used to access the user’s personal accounts on these sites.
Stay safe and stay aware!