Highest Voted 'yahoo' Questions - IT Security Stack Exchange

78

votes

4 answers

How long will it take to crack the passwords stolen in the Yahoo hack announced 14 Dec 2016?

Apparently Yahoo was hacked yet again with up to a billion user accounts being compromised. The article says Yahoo uses MD5 for password hashing. Are the hackers likely to be able to crack the passwords too? How long will it take to crack 1…

asked Dec 15 '16 at 07:09

soadyp

895
2
7
11

10

votes

2 answers

Yahoo mail hacked - how to recover, how did it happen and how to prevent?

I was yesterday informed by some friends that they received spam mails with my name as sender. The sender addresses look like firstnamelastname@spacepc.pt and firstnamelastname@revistaplot.com with the subject line "from: Firstname Lastname" and the…

email attacks spam yahoo

asked Jul 31 '15 at 09:24

user1204121

201
1
2
5

10

votes

3 answers

Yahoo Security Breach Affecting 500,000,000+ Accounts: Why would they believe it was "state-sponsored"?

It was recently disclosed that private information pertaining to over 500 million Yahoo accounts was stolen. Yahoo's Chief Information Security Officer, Bob Lord, states that the information was stolen from Yahoo's computers by what Yahoo "believes…

email system-compromise yahoo

asked Sep 23 '16 at 02:13

RockPaperLz- Mask it or Casket

3,114
21
50

7

votes

3 answers

Why does DKIM verification succeed with a signature from Yahoo when all headers are spoofed to look like GMail?

Today I got a scam e-mail which I decided to disect. I quickly found that it was sent from a GMail address (From, Reply-To, Return-Path) but that the mail itself came from Yahoo. HELO from Yahoo Received from IP maps both forward and reverse Mail…

email phishing gmail dkim yahoo

asked Feb 28 '18 at 13:42

jornane

415
2
14

5

votes

1 answer

How secure is Yahoo Account Key?

I (along with a billion or so other people) was notified about my Yahoo! account being potentially compromised yesterday. While I'm not worried about that (I have changed my password since then, have a very long and complex password, and don't…

passwords multi-factor yahoo

asked Dec 15 '16 at 17:20

Joe

209
1
2
8

4

votes

2 answers

How can an email from a Yahoo address be sent through Yahoo without authentication?

I received this bounced email, yet I have a password with 105 bits entropy, my sign in history only shows local sign ins, I do not have any linked accounts nor apps, and I have not been to GermanyDenmark. Received: (qmail 90091 invoked by uid 102);…

email email-spoofing yahoo

asked Apr 03 '14 at 21:52

Chloe

1,668
3
15
30

4

votes

1 answer

How can one recover from the Yahoo! XSS attack?

Many Yahoo!/SBC Global email accounts have been hijacked via an infamous XSS attack. The accounts are often used to send spam to random members of the user's personal address book. The spam often advertises a weight loss solution on a fake clone of…

xss yahoo

asked Mar 22 '13 at 03:12

Sean W.

835
4
14

4

votes

1 answer

Being directed to hacked site only when searched through Yahoo

A local wolf sanctuary had just posted a warning on Facebook to not visit their site because it had been hacked. However, it only sends you to the hacked site when searching through Yahoo. I was curious as to how this might be working and why it's…

system-compromise yahoo

asked Mar 28 '18 at 06:06

Lalone

53
5

4

votes

1 answer

Odd search engine entries

A customer found about a dozen valid URLs pointing to existing customer related documents at Yahoo. These URLs were not public and certainly not searchable at the customer's site. The documents have hard to guess names like…

data-leakage yahoo search-engines

asked Aug 16 '16 at 15:21

countermode

684
1
7
22

3

votes

3 answers

Yahoo Account hacked, changed pw, spam still going out elsewhere?

Spam emails went out for an hour earlier this week bearing my Yahoo account in the FROM field and going out to all my contacts. I changed the password, then saw (via rejected emails sent to my Yahoo account) that mail had gone out again with my…

email yahoo

asked Feb 27 '14 at 19:32

Caveatrob

141
1
1
5

3

votes

1 answer

Yahoo account "secure" but spam sent from my address

My Yahoo account shows no suspicious activity, only log-ins from my desktop and 2 of my devices. But a friend was spammed twice within a short time today from my email address. I use Yahoo's Account Key system, so there is no password to change.…

passwords email spam account-security yahoo

asked Mar 31 '17 at 09:02

AlfieB

41
1

2

votes

1 answer

How were Cryptographic nonces used in the Yahoo! data breach?

How does an attacker use Cryptographic nonces to generate access cookies through a script on a server? As what happened to Yahoo! servers.

cryptography attacks cookies nonce yahoo

asked Sep 12 '19 at 21:45

Ayush Ambastha

73
6

1

vote

2 answers

Yahoo! Mail logging in with 2FA code only

I came across a serious issue with Yahoo! Mail that I hope someone would help to fix or raise awareness for. I wanted to create an account on Yahoo! Mail. I entered my phone number to the Yahoo! login, and it asked me if I wanted to receive an…

authentication multi-factor yahoo

asked Feb 24 '20 at 11:36

Jack Patrick

21
1
3

1

vote

1 answer

Why do scammers use emails like yahoo?

I was doing a Cyber Security and IT audit for a company. I was told that they had very little in terms of fraud protection, one of the only ways that they detected potential fraudsters was by manually checking if the email address was Yahoo or not.…

email fraud e-commerce scam yahoo

asked May 23 '18 at 09:27

user5623335

381
1
4
12

1

vote

1 answer

XSS attempt from Google Captcha at login.yahoo.net? (NoScript)

Recently I tried to login into my Yahoo mail account with Firefox ESR where NoScript showed me this warning when the captcha was shown at the login: NoScript filtered a potential cross-site scripting (XSS) attempt from [https.login.yahoo.net].…

xss google captcha yahoo

asked Aug 27 '17 at 20:27

user38395734

11
1

Questions tagged [yahoo]