Yahoo Mail can be considered one of the worst e-mail services out there on the internet issues security. In 2014 the company after a hack exposed 500 million accounts, but decided to keep it a secret, exposing its users to very serious risks.
What has changed today? Probably not too much:
Security researcher Jouko Pynnonen discovered a cross-site scripting (XSS) security flaw in service Yahoo Mail that essentially enables an attacker to have access to any account and read emails freely.
Yahoo reportedly corrected this flaw last week by rewarding the researcher with 10.000 dollars, according to the company's bug bounty program.
Pynnonen explained that it was possible for an attacker to break into company accounts simply by bypassing the HTML filtering Yahoo uses for the links they hide malicious JavaScript code.
Worst of all, users did not even need to click on links or open attachments. They were opening the e-mail message sent to them by the hacker.
The flaw allows an attacker to read a victim's email or create a virus to infect Yahoo Mail accounts, among others. The attack requires the victim to see an email sent by the attacker. There is no need for any further interaction (such as clicking on a link or opening an attachment), ”says the researcher.
Yahoo was notified of the hack on November 12 and fixed it on November 29. So now you are supposed to be safe.
https://klikki.fi/adv/yahoo2.html
