Questions tagged [yahoo]

An American multinational technology company known for its web portal, search engine, and related services like mail and finance portals.

25 questions
78
votes
4 answers

How long will it take to crack the passwords stolen in the Yahoo hack announced 14 Dec 2016?

Apparently Yahoo was hacked yet again with up to a billion user accounts being compromised. The article says Yahoo uses MD5 for password hashing. Are the hackers likely to be able to crack the passwords too? How long will it take to crack 1…
soadyp
  • 895
  • 2
  • 7
  • 11
10
votes
2 answers

Yahoo mail hacked - how to recover, how did it happen and how to prevent?

I was yesterday informed by some friends that they received spam mails with my name as sender. The sender addresses look like firstnamelastname@spacepc.pt and firstnamelastname@revistaplot.com with the subject line "from: Firstname Lastname" and the…
user1204121
  • 201
  • 1
  • 2
  • 5
10
votes
3 answers

Yahoo Security Breach Affecting 500,000,000+ Accounts: Why would they believe it was "state-sponsored"?

It was recently disclosed that private information pertaining to over 500 million Yahoo accounts was stolen. Yahoo's Chief Information Security Officer, Bob Lord, states that the information was stolen from Yahoo's computers by what Yahoo "believes…
7
votes
3 answers

Why does DKIM verification succeed with a signature from Yahoo when all headers are spoofed to look like GMail?

Today I got a scam e-mail which I decided to disect. I quickly found that it was sent from a GMail address (From, Reply-To, Return-Path) but that the mail itself came from Yahoo. HELO from Yahoo Received from IP maps both forward and reverse Mail…
jornane
  • 415
  • 2
  • 14
5
votes
1 answer

How secure is Yahoo Account Key?

I (along with a billion or so other people) was notified about my Yahoo! account being potentially compromised yesterday. While I'm not worried about that (I have changed my password since then, have a very long and complex password, and don't…
Joe
  • 209
  • 1
  • 2
  • 8
4
votes
2 answers

How can an email from a Yahoo address be sent through Yahoo without authentication?

I received this bounced email, yet I have a password with 105 bits entropy, my sign in history only shows local sign ins, I do not have any linked accounts nor apps, and I have not been to GermanyDenmark. Received: (qmail 90091 invoked by uid 102);…
Chloe
  • 1,668
  • 3
  • 15
  • 30
4
votes
1 answer

How can one recover from the Yahoo! XSS attack?

Many Yahoo!/SBC Global email accounts have been hijacked via an infamous XSS attack. The accounts are often used to send spam to random members of the user's personal address book. The spam often advertises a weight loss solution on a fake clone of…
Sean W.
  • 835
  • 4
  • 14
4
votes
1 answer

Being directed to hacked site only when searched through Yahoo

A local wolf sanctuary had just posted a warning on Facebook to not visit their site because it had been hacked. However, it only sends you to the hacked site when searching through Yahoo. I was curious as to how this might be working and why it's…
Lalone
  • 53
  • 5
4
votes
1 answer

Odd search engine entries

A customer found about a dozen valid URLs pointing to existing customer related documents at Yahoo. These URLs were not public and certainly not searchable at the customer's site. The documents have hard to guess names like…
countermode
  • 684
  • 1
  • 7
  • 22
3
votes
3 answers

Yahoo Account hacked, changed pw, spam still going out elsewhere?

Spam emails went out for an hour earlier this week bearing my Yahoo account in the FROM field and going out to all my contacts. I changed the password, then saw (via rejected emails sent to my Yahoo account) that mail had gone out again with my…
Caveatrob
  • 141
  • 1
  • 1
  • 5
3
votes
1 answer

Yahoo account "secure" but spam sent from my address

My Yahoo account shows no suspicious activity, only log-ins from my desktop and 2 of my devices. But a friend was spammed twice within a short time today from my email address. I use Yahoo's Account Key system, so there is no password to change.…
AlfieB
  • 41
  • 1
2
votes
1 answer

How were Cryptographic nonces used in the Yahoo! data breach?

How does an attacker use Cryptographic nonces to generate access cookies through a script on a server? As what happened to Yahoo! servers.
1
vote
2 answers

Yahoo! Mail logging in with 2FA code only

I came across a serious issue with Yahoo! Mail that I hope someone would help to fix or raise awareness for. I wanted to create an account on Yahoo! Mail. I entered my phone number to the Yahoo! login, and it asked me if I wanted to receive an…
Jack Patrick
  • 21
  • 1
  • 3
1
vote
1 answer

Why do scammers use emails like yahoo?

I was doing a Cyber Security and IT audit for a company. I was told that they had very little in terms of fraud protection, one of the only ways that they detected potential fraudsters was by manually checking if the email address was Yahoo or not.…
user5623335
  • 381
  • 1
  • 4
  • 12
1
vote
1 answer

XSS attempt from Google Captcha at login.yahoo.net? (NoScript)

Recently I tried to login into my Yahoo mail account with Firefox ESR where NoScript showed me this warning when the captcha was shown at the login: NoScript filtered a potential cross-site scripting (XSS) attempt from [https.login.yahoo.net].…
1
2