Data leakage of users of Yahoo! mail

Posted: February 1, 2013 in IT Security News
Tags: , , ,

Yahoo!The vulnerability in WordPress became the reason of a data leakage of users of mail of Yahoo!

Swindlers got access to sessional cookies-files of users of the Yahoo! service.

Experts from BitDefender found that compromised user account email service Yahoo! occurred because the gaps that existed in WordPress.

Note that the hole was fixed in April 2012. On the domain of developers Yahoo! developer.yahoo.com was posted blog WordPress, administrators have not updated it in a timely manner. Thus, after his compromise hackers could gain access to all the session cookies-file for the domain yahoo.com .

Scammers create fake website designed based news portals MSN / NBC, which was placed on two domains: com-im9.net and com-io4.net. Fake Resources containing malicious code Javascript-library which steals user session cookies-files.

Using the hole in WordPress, attackers could send all session cookies-files to their fake sites and take control of the accounts Yahoo!.

Currently, representatives of service to eliminate the consequences be compromised, and the vulnerability of the blog WordPress.

While hackers and did not get passwords, they can read and send emails were victims. In particular, they can determine which services are “tied” e-mail account by, for example, social networks. This information could provide the ability to query and change the password, so as to crack the user profiles on the resource side.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s