Virtual Event Now Live: Cloud Security Summit | July 17 - Access Livestream
Connect with us

Hi, what are you looking for?



Hackers Hit Yahoo Mail With Mass Account Checker Attack

Yahoo has issued a warning of an attack targeting users of its email service, and is initiating password resets for potentially affected accounts.

Yahoo has issued a warning of an attack targeting users of its email service, and is initiating password resets for potentially affected accounts.

“Recently, we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts,” Jay Rossiter, SVP, Platforms and Personalization Products at Yahoo, wrote in a blog post Thursday. “Upon discovery, we took immediate action to protect our users, prompting them to reset passwords on impacted accounts.”

According to Rossiter, the list of usernames and passwords that was used to execute the attack was likely obtained from hacking another site and stealing the list of login credentials.

Expert InsightExercising Alternatives to Detect and Prevent Brute Force Attacks

Yahoo Email Accounts Hacked

Yahoo does not believe the list of accounts were obtained directly from Yahoo’s systems, and the company did not elaborate on the extent of the attack or provide any numbers as to how many accounts may have been illegally accessed or how many hack attempts were made.

The attackers appear to be after names and email addresses from the affected accounts’ most recent sent emails, Yahoo said. Such a move could help the attackers build an extended database and conduct personalized attacks appearing to be from the victimized Yahoo email account.

“Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts,” Rossiter noted.

If the attack was done at scale, which it seems it was, it’s likely that the attackers made use of a botnet to execute the attack.

Advertisement. Scroll to continue reading.

These types of attacks are known as “account checker attacks” and are automated attacks that are commonly used by cybercriminals to hack into user accounts. In these attacks, automated attack tools and account checker scripts are used to determine valid user ID/password combinations.

Automated attacks are nothing new, and security firms have been warning about them for years, though attackers are increasingly using automation in their ongoing attacks.

“Hackers will use brute force attacks to test stolen usernames and passwords from one source to gain access to another say, bank accounts, Facebook pages, Gmail, you name it,” Juniper Networks’ Michael Callahan wrote in a recent SecurityWeek column.

“Password reuse is rampant, even among people who should know better,” Callahan added. “The single point of failure it creates can lead to a data breach from one company causing a major ripple of compromises across many other sites.”

“Most recently, the major loss of usernames and passwords from Adobe caused Facebook and Evernote to prompt users to reset passwords to avoid these attacks,” Callahan said.

In July 2013, Akamai Technologies warned in its State of the Internet Report that it was seeing a rise in account takeover attacks hitting e-commerce companies.

Yahoo said it has implemented additional measures to block attacks against its systems, and that the company is working with federal law enforcement to investigate the attack.

Just over a week ago, Germany’s Federal Office for Online Security warned Internet users that cybercriminals had obtained a list of 16 million email addresses and passwords.

Related Reading: Hackers Just Made Off with Two Million Passwords, Now What?

Expert Insight: Exercising Alternatives to Detect and Prevent Brute Force Attacks

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment


Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Learn how to utilize tools, controls, and design models needed to properly secure cloud environments.


Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.


People on the Move

CISA has appointed Jeff Greene as Executive Assistant Director for Cybersecurity and Trent Frazier as Assistant Director for Stakeholder Engagement.

Anirban Sengupta has been named the CTO and SVP of Engineering of cloud networking and security firm Aviatrix.

Axonius has named Nick Degnan as its first Chief Revenue Officer and Rob Casselman as its first Chief Customer Officer.

More People On The Move

Expert Insights