In the recent past, security researchers have discovered a number of critical security vulnerabilities in Yahoo Mail. As a result, Yahoo has tried to patch these vulnerabilities by upping the ante on security. However, it seems that the measures taken are inadequate and users are still reporting frequent incidents of Yahoo Mail accounts being hacked.
The most common attack being used to target Yahoo Mail users is simply spoofing. Users receive an email, apparently sent by someone they know, that contains a seemingly benign link. Once the link is clicked, the account is hacked, as the hacker receives the user’s login credentials upon the click.
Moreover, users have also reported that after they click the link, that suspicious email is automatically sent to all their contacts. In this way, the scope of this problem has exponentially increased. And despite Yahoo’s efforts to plug it with security measures, it has persisted.
Interestingly, some Yahoo Mail users have reported that once their account was hacked, they were unable to answer the security question or send out any emails. Moreover, the hackers left behind a toll-free number. Upon calling that number, the users were asked to cough up $100 for ‘assistance with the issue.’
Yahoo, however, doesn’t seem to be taking the whole thing seriously. According to a company spokesperson, “The XSS flaws reported to Yahoo! have been fixed and we continue to aggressively investigate reports of any email accounts exhibiting anomalous behavior. We’re committed to protecting our users and their data. We strongly urge our users to change their passwords frequently and to use unique, alphanumeric passwords for each online site they visit.”