The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: email hacking

Over Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks

Over Dozen Popular Email Clients Found Vulnerable to Signature Spoofing Attacks
April 30, 2019Swati Khandelwal
A team of security researchers has discovered several vulnerabilities in various implementations of OpenPGP and S/MIME email signature verification that could allow attackers to spoof signatures on over a dozen of popular email clients. The affected email clients include Thunderbird, Microsoft Outlook, Apple Mail with GPGTools, iOS Mail, GpgOL, KMail, Evolution, MailMate, Airmail, K-9 Mail, Roundcube and Mailpile. When you send a digitally signed email, it offers end-to-end authenticity and integrity of messages, ensuring recipients that the email has actually come from you. However, researchers tested 25 widely-used email clients for Windows, Linux, macOS, iOS, Android and Web and found that at least 14 of them were vulnerable to multiple types of practical attacks under five below-mentioned categories, making spoofed signatures indistinguishable from a valid one even by an attentive user. The research was conducted by a team of researchers from Ruhr University Bochum and

Facebook Collected Contacts from 1.5 Million Email Accounts Without Users' Permission

Facebook Collected Contacts from 1.5 Million Email Accounts Without Users' Permission
April 18, 2019Swati Khandelwal
Not a week goes without a new Facebook blunder. Remember the most recent revelation of Facebook being caught asking users new to the social network platform for their email account passwords to verify their identity? At the time, it was suspected that Facebook might be using access to users' email accounts to unauthorizedly and secretly gather a copy of their saved contacts. Now it turns out that the collection of email contacts was true, Facebook finally admits. In a statement released on Wednesday, Facebook said the social media company "unintentionally" uploaded email contacts from up to 1.5 million new users on its servers, without their consent or knowledge, since May 2016. In other words, nearly 1.5 million users had shared passwords for their email accounts with Facebook as part of its dubious verification process. A Facebook spokesperson shared information with Business Insider that the company was using harvested data to "build Facebook'

Hackers Compromise Microsoft Support Agent to Access Outlook Email Accounts

Hackers Compromise Microsoft Support Agent to Access Outlook Email Accounts
April 13, 2019Swati Khandelwal
If you have an account with Microsoft Outlook email service, there is a possibility that your account information has been compromised by an unknown hacker or group of hackers, Microsoft confirmed The Hacker News. Earlier this year, hackers managed to breach Microsoft's customer support portal and access information related to some email accounts registered with the company's Outlook service. Yesterday, a user on Reddit publicly posted a screenshot of an email which he received from Microsoft warning that unknown attackers were able to access some information of his OutLook account between 1 January 2019 and 28 March 2019. Another user on Reddit also confirmed that he/she too received the same email from Microsoft. According to the incident notification email, as shown below, attackers were able to compromise credentials for one of Microsoft's customer support agents and used it to unauthorisedly access some information related to the affected accounts, but not

T-Mobile Hacked — 2 Million Customers' Personal Data Stolen

T-Mobile Hacked — 2 Million Customers' Personal Data Stolen
August 24, 2018Mohit Kumar
T-Mobile today confirmed that the telecom giant suffered a security breach on its US servers on August 20 that may have resulted in the leak of "some" personal information of up to 2 million T-Mobile customers. The leaked information includes customers' name, billing zip code, phone number, email address, account number, and account type (prepaid or postpaid). However, the good news is that no financial information like credit card numbers, social security numbers, or passwords, were compromised in the security breach. According to a brief blog post published by the company detailing the incident, its cybersecurity team detected and shut down an "unauthorized capture of some information" on Monday, August 20. Although the company has not revealed how the hackers managed to hack into its servers neither it disclosed the exact number of customers affected by the data breach, a T-Mobile spokesperson told Motherboard that less than 3 percent of its 77 m

21-Year-Old Woman Charged With Hacking Selena Gomez's Email Account

21-Year-Old Woman Charged With Hacking Selena Gomez's Email Account
July 17, 2018Wang Wei
A 21-year-old New Jersey woman has been charged with hacking into the email accounts of pop star and actress Selena Gomez, stealing her personal photos, and then leaked them to the Internet. Susan Atrach of Ridgefield Park was charged Thursday with 11 felony counts—five counts of identity theft, five counts of accessing and using computer data to commit fraud or illegally obtain money, property or data, and one count of accessing computer data without permission. According to the prosecutors, Atrach allegedly hacked into email accounts belonging to Gomez and one of her associates several times between June 2015 and February 2016, the Los Angeles County District Attorney's office said in a press release . She then obtained images and other media stored there and shared them with her friends and posted them online. Gomez, who has more than 138 million followers on Instagram, was the victim of a hacking attack in August 2017, when photographs of her ex-boyfriend Justin Bieb

British Schoolboy Who Hacked CIA Director Gets 2-Year Prison Term

British Schoolboy Who Hacked CIA Director Gets 2-Year Prison Term
April 21, 2018Swati Khandelwal
The British teenager who managed to hack into the online accounts of several high-profile US government employees sentenced to two years in prison on Friday. Kane Gamble , now 18, hacked into email accounts of former CIA director  John Brennan , former Director of National Intelligence James Clapper , former FBI Deputy Director Mark Giuliano , and other senior FBI officials—all from his parent's home in Leicestershire. Gamble, who went by the online alias Cracka, was just 15 at the time of carrying out those attacks and was the alleged founder of a hacking group calling themselves Crackas With Attitude (CWA). The notorious pro-Palestinian hacking group carried out a series of embarrassing attacks against U.S. intelligence officials and leaked personal details of 20,000 FBI agents , 9,000 officers from Department of Homeland Security, and some number of DoJ staffers in 2015. The teenager was arrested in February 2016 at his home in Coalville and pleaded guilty to 8 charg

Deloitte Hacked — Cyber Attack Exposes Clients' Emails

Deloitte Hacked — Cyber Attack Exposes Clients' Emails
September 25, 2017Unknown
Another day, another data breach. This time one of the world's "big four" accountancy firms has fallen victim to a sophisticated cyber attack. Global tax and auditing firm Deloitte has confirmed the company had suffered a cyber attack that resulted in the theft of confidential information, including the private emails and documents of some of its clients. Deloitte is one of the largest private accounting firms in the U.S. which offers tax, auditing, operations consulting, cybersecurity advisory, and merger and acquisition assistance services to large banks, government agencies and large Fortune 500 multinationals, among others. The global accountancy firm said Monday that its system had been accessed via an email platform from October last year through this past March and that "very few" of its clients had been affected, the Guardian reports . The firm discovered the cyber attack in March, but it believes the unknown attackers may have had access to i

Over 711 Million Email Addresses Exposed From SpamBot Server

Over 711 Million Email Addresses Exposed From SpamBot Server
August 30, 2017Swati Khandelwal
A massive database of 630 million email addresses used by a spambot to send large amounts of spam to has been published online in what appears to be one of the biggest data dumps of its kind. A French security researcher, who uses online handle Benkow , has spotted the database on an "open and accessible" server containing a vast amount of email addresses, along with millions of SMTP credentials from around the world. The database is hosted on the spambot server in Netherlands and is stored without any access controls, making the data publicly available for anyone to access without requiring any password. According to a blog post published by Benkow, the spambot server, dubbed "Onliner Spambot," has been used to send out spams and spread a banking trojan called Ursnif to users since at least 2016. Ursnif Banking Trojan is capable of stealing banking information from target computers including credit card data, and other personal information like login

Simple Exploit Allows Attackers to Modify Email Content — Even After It's Sent!

Simple Exploit Allows Attackers to Modify Email Content — Even After It's Sent!
August 23, 2017Unknown
Security researchers are warning of a new, easy-to-exploit email trick that could allow an attacker to turn a seemingly benign email into a malicious one after it has already been delivered to your email inbox. Dubbed Ropemaker (stands for Remotely Originated Post-delivery Email Manipulation Attacks Keeping Email Risky), the trick was uncovered by Francisco Ribeiro, the researcher at email and cloud security firm Mimecast. A successful exploitation of the Ropemaker attack could allow an attacker to remotely modify the content of an email sent by the attacker itself, for example swapping a URL with the malicious one. This can be done even after the email has already been delivered to the recipient and made it through all the necessary spam and security filters, without requiring direct access to the recipient’s computer or email application, exposing hundreds of millions of desktop email client users to malicious attacks. Ropemaker abuses Cascading Style Sheets (CSS) and Hyp

Game of Thrones (Season 7) Episode 5 Script Leaked — Hacker Demands Millions in Ransom

Game of Thrones (Season 7) Episode 5 Script Leaked — Hacker Demands Millions in Ransom
August 08, 2017Wang Wei
The hacking group that recently hacked HBO has just dropped its second trove of documents, including a month emails of one of the company's executives, and a detailed script of the upcoming fifth episode of "Game of Thrones" Season 7, set to be aired on August 13. The latest release is the second leak from the hackers who claimed to have obtained around 1.5 terabytes of information from HBO, following the release of upcoming episodes of "Ballers" and "Room 104," and a script of the fourth episode of "Game of Thrones." With the release of another half-gigabyte sample of its stolen HBO data, the hacking group has finally demanded a ransom worth millions of dollars from the entertainment giant in order to prevent further leaks. The latest HBO data dump includes company's several internal documents, including emails, employment agreements, financial balance sheets, and marketing-strategy PDFs, along with the script of the yet-to-ai

UK Parliament Hit by Cyberattack, Up to 90 MPs' E-mail Accounts Hacked

UK Parliament Hit by Cyberattack, Up to 90 MPs' E-mail Accounts Hacked
June 26, 2017Mohit Kumar
A cyber attack has hit the email system of UK Houses of Parliament on Friday morning that breached at least 90 emails accounts protected by weak passwords belonging to MPs, lawmakers, and other parliamentary staff. Meanwhile, as a precaution, the Security service has temporarily shut down the remote access (outside the Westminster) to its network to protect email accounts. Liberal Democrat Chris Rennard has advised on Twitter that urgent messages should be sent by text message. "We have discovered unauthorized attempts to access accounts of parliamentary networks users and are investigating this ongoing incident, working closely with the National Cyber Security Centre," the spokesperson said . "Parliament has robust measures in place to protect all of our accounts and systems, and we are taking the necessary steps to protect and secure our network." The authorities found less than 1% of parliament’s 9,000 email addresses had been compromised using the

Three Chinese Hackers Fined $9 Million for Stealing Trade Secrets

Three Chinese Hackers Fined $9 Million for Stealing Trade Secrets
May 11, 2017Wang Wei
Hackers won't be spared. Three Chinese hackers have been ordered to pay $8.8 million (£6.8 million) after hacking email servers of two major New York-based law firms to steal corporate merger plans in December 2016 and used them to trade stocks. The U.S. District Judge Valerie Caproni in Manhattan sued 26-year-old Iat Hong, 30-year-old Bo Zheng, and 50-year-old Hung Chin, over a multi-million dollar insider trading scam. According to BBC News , the U.S. Securities Exchange Commission (SEC) alleged the three hackers targeted 7 different law firms, but managed to installed malware on networks belonging to two law firms only, then compromised their IT admin accounts that gave the trio access to every email account at the firms. Access to the email and web servers allowed them to gain information on planned business mergers and/or acquisitions. The trio then used this information to buy company stock before the deal, and then sell it after the public announcement of the merger

Hacker Selling Over 1 Million Decrypted Gmail and Yahoo Passwords On Dark Web

Hacker Selling Over 1 Million Decrypted Gmail and Yahoo Passwords On Dark Web
March 06, 2017Swati Khandelwal
Hardly a day goes without headlines about any significant data breach. In past year, billions of accounts from popular sites and services, including LinkedIn , Tumblr , MySpace , Last.FM , Yahoo! , VK.com were exposed on the Internet. Now, according to the recent news, login credentials and other personal data linked to more than one Million Yahoo and Gmail accounts are reportedly being offered for sale on the dark web marketplace. The online accounts listed for sale on the Dark Web allegedly contain usernames, emails, and plaintext passwords. The accounts are not from a single data breach; instead, several major cyber-attacks believed to have been behind it. The hacker going by the online handle 'SunTzu583' has listed a number of cracked email packages on a series of dark websites, HackRead reported. Here's the Full List of Accounts and their Prices: 100,000 Yahoo accounts acquired from 2012 Last.FM data breach , for 0.0084 Bitcoins ($10.76). Another 1

US Judge Ordered Google to Hand Over Emails Stored On Foreign Servers to FBI

US Judge Ordered Google to Hand Over Emails Stored On Foreign Servers to FBI
February 07, 2017Swati Khandelwal
In this world of global mass surveillance by not the only US, but also intelligence agencies across the world, every other country wants tech companies including Google, Apple, and Microsoft to set-up and maintain their servers in their country to keep their citizen data within boundaries. Last year, Microsoft won a case which ruled that the US government cannot force tech companies to hand over their non-US customers' data stored on servers located in other countries to the FBI or any other federal authorities. However, a new notable ruling just goes against the court judgment last year, raising concerns regarding people's privacy. A US magistrate reportedly ruled Friday that Google has to comply with FBI search warrants seeking customer emails stored on servers outside of the United States, according to RT . U.S. Magistrate Judge Thomas Rueter in Philadelphia noted that transferring emails from outside servers so FBI could read them locally as part of a domestic f

President Trump's @POTUS Twitter Linked To A Private Gmail Account

President Trump's @POTUS Twitter Linked To A Private Gmail Account
January 27, 2017Mohit Kumar
It seems like the new American President's Twitter account could easily be hacked due to security blunders he made with the most powerful Twitter account in the world, experts warned. Days after we got to know that the newly inaugurated President Donald Trump was still using his old, insecure Android smartphone, it has now been revealed that the official @POTUS Twitter account was linked to a private Gmail account. Since we are already aware of the potential scandal with government officials using outside email systems following the hack of private e-mail servers of Hillary Clinton and George W. Bush , the choice of using private, non-government email address by Trump has raised serious concerns about the security of the White House's closely watched account. To gain control of the official @POTUS Twitter account, which may or may not is secured with some form of two-factor authentication , all an attacker needs to do is hack the email address associated with the acc

Don't Fall For This Dangerously Convincing Ongoing Phishing Attack

Don't Fall For This Dangerously Convincing Ongoing Phishing Attack
January 16, 2017Mohit Kumar
Security researchers have discovered a new phishing campaign targeting Gmail users, which is so convincing and highly effective that even tech-savvy people can be tricked into giving away their Google credentials to hackers. The attackers first compromise a victim's Gmail account, and once they are in, they start rifling through inboxes to launch secondary attacks in order to pass on the attack. The hackers first look for an attachment that victims have previously sent to their contacts and a relevant subject from an actual sent email. Then the criminals will start gathering up contact email addresses, who become the new targets of the attackers. After finding one, the hackers create an image (screenshot) of that attachment and include it in reply to the sender with the same or similar subject for the email, invoking recognition and automatic trust. What makes this attack so effective is that the phishing emails come from someone the victim knows. This new Gmail phishi

Yahoo Admits 1 Billion Accounts Compromised in Newly Discovered Data Breach

Yahoo Admits 1 Billion Accounts Compromised in Newly Discovered Data Breach
December 15, 2016Swati Khandelwal
In what believe to be the largest data breach in history, Yahoo is reporting a massive data breach that disclosed personal details associated with more than 1 Billion user accounts in August 2013. …And it's separate from the one disclosed by Yahoo! in September, in which hackers compromised as many as 500 Million user accounts in late 2014. What's troubling is that the company has not been able to discovered how "an unauthorized third party" were able to steal the data associated with more than one Billion users. The data breach officially disclosed on Wednesday actually occurred in 2013 and, just like the one in 2014, allowed the cyber crooks to obtain personal information of its users but not credit card details. Here's what Yahoo's chief information security officer Bob Lord says the hackers obtained: "The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using

Yahoo Flaw Allowed Hackers to Read Anyone's Emails

Yahoo Flaw Allowed Hackers to Read Anyone's Emails
December 08, 2016Swati Khandelwal
Yahoo has patched a critical security vulnerability in its Mail service that could have allowed an attacker to spy on any Yahoo user's inbox. Jouko Pynnönen, a Finnish Security researcher from security firm Klikki Oy, reported a DOM based persistent XSS (Cross-Site Scripting) in Yahoo mail, which if exploited, allows an attacker to send emails embedded with malicious code. In his blog post published today, the researcher demonstrated how a malicious attacker could have sent the victim's inbox to an external site, and created a virus that attached itself to all outgoing emails by secretly adding a malicious script to message signatures. Since the malicious code is in the message's body, the code will get executed as soon as the victim opens the boobytrapped email and its hidden payload script will covertly submit victim's inbox content to an external website controlled by the attacker. This issue is because Yahoo Mail failed to properly filter potentially malici

Donald Trump's Email Servers are Horribly Insecure — Researcher Reveals

Donald Trump's Email Servers are Horribly Insecure — Researcher Reveals
October 18, 2016Swati Khandelwal
When Hillary Clinton's private email server was hacked earlier this year, she was criticized for her bad security practices that exposed top secret documents stored in emails on that private server. The FBI called her behavior 'extremely careless.' Republican presidential candidate Donald Trump and his supporters are continuously criticizing Clinton's use of a private email server. And here's what Trump lectured in a debate about cybersecurity: "The security aspect of cyber is very, very tough. And maybe it's hardly doable. But I will say, we are not doing the job we should be doing. But that's true throughout our whole governmental society. We have so many things that we have to do better, Lester, and certainly, cyber is one of them." Forget Clinton; Trump has so worryingly insecure internet setup that anyone with little knowledge of computers can expose almost everything about Trump and his campaign. Security researcher Kevin Beaumont,

Yahoo Disables Email Auto-Forwarding; Making It Harder for Users to Move On

Yahoo Disables Email Auto-Forwarding; Making It Harder for Users to Move On
October 11, 2016Swati Khandelwal
Yahoo! has disabled automatic email forwarding -- a feature that lets its users forward a copy of incoming emails from one account to another. The company has faced lots of bad news regarding its email service in past few weeks. Last month, the company admitted a massive 2014 data breach that exposed account details of over 500 Million Yahoo users. If this wasn't enough for users to quit the service, another shocking revelation came last week that the company scanned the emails of hundreds of millions of its users at the request of a U.S. intelligence service last year. That's enough for making a loyal Yahoo Mail user to switch for other rival alternatives, like Google Gmail, or Microsoft's Outlook. Yahoo Mail Disables Auto-Forwarding; Making It Hard to Leave But as Yahoo Mail users are trying to leave the email service, the company is making it more difficult for them to transition to another email service. That's because since the beginning of Octob
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.