Welcome to WebmasterWorld Guest from

Forum Moderators: open

Message Too Old, No Replies

Yahoo Mail User Accounts Compromised



12:22 pm on Jan 31, 2014 (gmt 0)

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

The security message indicates posted by Jay Rossiter, SVP, Platforms and Personalization Products on the blog says it may have come from a third party database. I might ask what the third party was doing with the database in the first place.

Security attacks are unfortunately becoming a more regular occurrence. Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts. Upon discovery, we took immediate action to protect our users, prompting them to reset passwords on impacted accounts.Yahoo Mail User Accounts Compromised [yahoo.tumblr.com]
Based on our current findings, the list of usernames and passwords that were used to execute the attack was likely collected from a third-party database compromise. We have no evidence that they were obtained directly from Yahoo’s systems. Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.


3:04 am on Feb 1, 2014 (gmt 0)

WebmasterWorld Senior Member 5+ Year Member

I think they are talking about a 3rd party DB like when 6MM username/passwords were stolen from LinkedIn. Many of those users were Yahoo! users and used their Yahoo! email to log into LinkedIn. AND to make matters worse, their LinkedIn password was the same as their Yahoo! password.

So when 3rd party DBs are compromised that have email/password, if it is a Yahoo! or Gmail account then the first thing they try to do is go to that email account at Yahoo! or Gmail and try to login with that username and the 3rd party password. You'd be surprised how many times they use the same password as their real email account password.

Featured Threads

Hot Threads This Week

Hot Threads This Month