The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: hacking yahoo mail

18-Byte ImageMagick Hack Could Have Leaked Images From Yahoo Mail Server

18-Byte ImageMagick Hack Could Have Leaked Images From Yahoo Mail Server

May 23, 2017Swati Khandelwal
After the discovery of a critical vulnerability that could have allowed hackers to view private Yahoo Mail images, Yahoo retired the image-processing library ImageMagick. ImageMagick is an open-source image processing library that lets users resize, scale, crop, watermarking and tweak images. The tool is supported by PHP, Python, Ruby, Perl, C++, and many other programming languages. This popular image-processing library made headline last year with the discovery of the then-zero-day vulnerability, dubbed ImageTragick , which allowed hackers to execute malicious code on a Web server by uploading a maliciously-crafted image. Now, just last week, security researcher Chris Evans demonstrated an 18-byte exploit to the public that could be used to cause Yahoo servers to leak other users' private Yahoo! Mail image attachments. 'Yahoobleed' Bug Leaks Images From Server Memory The exploit abuses a security vulnerability in the ImageMagick library, which Evans dubbed
Yahoo Hacked Once Again! Quietly Warns Affected Users About New Attack

Yahoo Hacked Once Again! Quietly Warns Affected Users About New Attack

February 16, 2017Mohit Kumar
Has Yahoo rebuilt your trust again? If yes, then you need to think once again, as the company is warning its users of another hack. Last year, Yahoo admitted two of the largest data breaches on record. One of which that took place in 2013 disclosed personal details associated with more than 1 Billion Yahoo user accounts . Well, it's happened yet again. Yahoo sent out another round of notifications to its users on Wednesday, warning that their accounts may have been compromised as recently as last year after an ongoing investigation turned up evidence that hackers used forged cookies to log accounts without passwords. The company quietly revealed the data breach in security update in December 2016, but the news was largely overlooked, as the statement from Yahoo provided information on a separate data breach that occurred in August 2013 involving more than 1 billion accounts. The warning message sent Wednesday to some Yahoo users read: "Based on the ongoing i
Goodbye! Yahoo to rename itself 'Altaba' after Verizon Deal

Goodbye! Yahoo to rename itself 'Altaba' after Verizon Deal

January 10, 2017Swati Khandelwal
It's time to say goodbye to Yahoo! While Yahoo's core internet business was being sold to Verizon for $4.8 Billion , the remaining portions of the company left behind is renaming itself to Altaba Inc, which marks the sad ending of one of the most familiar brand names on the internet. In a public filing with the Securities and Exchange Commission (SEC) on Monday, the company announced that after the planned sale of its core business to telecom giant Verizon, the leftover would change its brand name to Altaba. So, the company's branding you are familiar with will integrate with Verizon, and it is possible that the telecom titan may continue to use the Yahoo brand for some of the services that it will acquire in the deal. The remaining company under the new name Altaba Inc. is hanging on to its 15% ownership of Alibaba and 35.5% stake in Yahoo Japan, which is a joint venture with Softbank. Marissa Mayer to Leave Yahoo Board The newly formed company will operat
1-Billion Yahoo Users' Database Reportedly Sold For $300,000 On Dark Web

1-Billion Yahoo Users' Database Reportedly Sold For $300,000 On Dark Web

December 16, 2016Mohit Kumar
Recently Yahoo disclosed a three-year-old massive data breach in its company that exposed personal details associated with more than 1 Billion user accounts , which is said to be the largest data breach of any company ever. The new development in Yahoo!'s 2013 data breach is that the hacker sold its over Billion-user database on the Dark Web last August for $300,000, according to Andrew Komarov, Chief Intelligence Officer (CIO) at security firm InfoArmor. Komarov told the New York Times that three different buyers, including two "prominent spammers" and the third, is believed to be involved in espionage tactics paid $300,000 to gain control of the entire database. The hacker group that breached Yahoo and sold the database is believed to based in Eastern Europe, but the company still does not know if this information is accurate or not. Beside full names, passwords, date of births and phone numbers of 1 Million Yahoo users, the database also includes backup em
Yahoo Admits 1 Billion Accounts Compromised in Newly Discovered Data Breach

Yahoo Admits 1 Billion Accounts Compromised in Newly Discovered Data Breach

December 15, 2016Swati Khandelwal
In what believe to be the largest data breach in history, Yahoo is reporting a massive data breach that disclosed personal details associated with more than 1 Billion user accounts in August 2013. …And it's separate from the one disclosed by Yahoo! in September, in which hackers compromised as many as 500 Million user accounts in late 2014. What's troubling is that the company has not been able to discovered how "an unauthorized third party" were able to steal the data associated with more than one Billion users. The data breach officially disclosed on Wednesday actually occurred in 2013 and, just like the one in 2014, allowed the cyber crooks to obtain personal information of its users but not credit card details. Here's what Yahoo's chief information security officer Bob Lord says the hackers obtained: "The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using
Yahoo Email Spying Scandal — Here's Everything that has Happened So Far

Yahoo Email Spying Scandal — Here's Everything that has Happened So Far

October 08, 2016Swati Khandelwal
Today Yahoo! is all over the Internet, but in a way the company would never have expected. It all started days ago when Reuters cited some anonymous sources and reported that Yahoo built a secret software to scan the emails of hundreds of millions of its users at the request of a U.S. intelligence service. At this point, we were not much clear about the intelligence agency: the National Security Agency or the FBI? The news outlet then reported that the company installed the software at the behest of Foreign Intelligence Surveillance Act (FISA) court order. Following the report, the New York Times reported that Yahoo used its system developed to scan for child p*rnography and spam to search for emails containing an undisclosed digital "signature" of a certain method of communication employed by a state-sponsored terrorist organization. Although Yahoo denied the reports, saying they are "misleading," a series of anonymous sources, therefore, unaccounta
Vulnerability in Yahoo Websites Allows Hackers to Delete Any Comment

Vulnerability in Yahoo Websites Allows Hackers to Delete Any Comment

May 24, 2014Wang Wei
Two months ago, we reported a critical vulnerability on the Yahoo Answers platform that allowed a hacker to delete all the posted thread and comments from Yahoo's Suggestion Board website. Recently, a similar vulnerability has been reported by another Egyptian security researcher ' Ahmed Aboul-Ela ', that allows him to delete any comment from all Yahoo Services, including Yahoo News , Yahoo Sports , Yahoo TV , Yahoo Music , Yahoo Weather, Yahoo Celebrity , Yahoo Voices and more. HOW TO DELETE ANY COMMENT When yahoo users comment on any article or post on any of the Yahoo services, they are allowed to delete their own comment anytime. But the reported vulnerability discovered by Ahmed allows them to delete all the comments, even if they are posted by others. To delete a comment, one can initiate the request by clicking on the delete button and once clicked, the page sends a POST request to the Yahoo server with some variables i.e. comment_id and content_id , where comm
Yahoo vulnerability allows Hacker to delete 1.5 million records from Database

Yahoo vulnerability allows Hacker to delete 1.5 million records from Database

March 01, 2014Anonymous
Yahoo! The 4th most visited website on the Internet has been found vulnerable multiple times, and this time a hacker has claimed to spot a critical vulnerability in the Yahoo! sub-domain ' suggestions.yahoo.com ', which could allow an attacker to delete the all the posted thread and comments on Yahoo's Suggestion Board website. Egyptian Cyber Security Analyst, ' Ibrahim Raafat ', found and demonstrated 'Insecure Direct Object Reference Vulnerability' in Yahoo's website on his blog . Exploiting the flaw escalates the user privileges that allow a hacker to delete more than 365,000 posts and 1,155,000 comments from Yahoo! Database . Technical details of the vulnerability are as explained below: Deleting  Comments: While deleting his own comment, Ibrahim noticed the  HTTP Header of POST request, i.e. prop=addressbook& fid=367443 &crumb=Q4 . PSLBfBe . & cid=1236547890 &cmd=delete_comment Where parameter ' fid ' is the
'Optic Nerve' - Dirty NSA hacked into Webcam of millions of Yahoo users for Private Images

'Optic Nerve' - Dirty NSA hacked into Webcam of millions of Yahoo users for Private Images

February 28, 2014Swati Khandelwal
Once again, a new revelation showed the ugly side of the Government who are conducting Global Mass surveillance and previous documents leaked by the whistleblower Edward Snowden have defaced the US Intelligence Agency NSA , who were taking care of a number of projects like PRISM, XKeyscore, DROPOUTJEEP , and various others to carry out surveillance of millions of people. Now, it has been revealed that the US National Security Agency ( NSA ) helped its British counterpart, the Government Communications Headquarters ( GCHQ ), to allegedly capture and store nude images and others from webcam chats of millions of unsuspecting Yahoo users, The Guardian reported. Documents handed to the Guardian by the former NSA contractor Edward Snowden show that the GCHQ's worked with the US intelligence agency NSA on a joint project dubbed as ‘ Optic Nerve ’. The project carried out a bulk surveillance program , under which they nabbed webcam images every five minutes from random Yahoo
Yahoo Mail hacked; Change your account password immediately

Yahoo Mail hacked; Change your account password immediately

January 31, 2014Unknown
A really bad year for the world's second-largest email service provider, Yahoo Mail ! The company announced today, ' we identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts ', user names and passwords of its email customers have been stolen and are used to access multiple accounts. Yahoo did not say how many accounts have been affected, and neither they are sure about the source of the leaked users' credentials. It appears to have come from a third party database being compromised, and not an infiltration of Yahoo's own servers. " We have no evidence that they were obtained directly from Yahoo’s systems. Our ongoing investigation shows that malicious computer software used the list of usernames and passwords to access Yahoo Mail accounts. The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails. " For now, Yahoo is taking proactive actions t
Yahoo Mail turns on HTTPS encryption by default to protect users

Yahoo Mail turns on HTTPS encryption by default to protect users

January 09, 2014Wang Wei
After the release of NSA Secret spying over Internet communications, I am expecting from all tech companies to make surveillance significantly harder. Yahoo has HTTPS encryption support since late 2012, but users had to opt in to use the feature. Documents revealed by the Edward Snowden shows that the NSA secretly accessed data from several tech giants, including Yahoo, by intercepting unencrypted Internet traffic in a program called Muscular. As promised back in October 2013,  Yahoo  has finally enabled the HTTPS connections by default for their users, that will now automatically encrypts the connections between users and its email service. Jeff Bonforte , senior vice-president of communication products at Yahoo announced  in a blog post: It is 100% encrypted by default and protected with 2,048 bit certificates. This encryption extends to your emails, attachments, contacts, as well as Calendar and Messenger in Mail. HTTPS by default is really a good news for Yahoo users, that will
Yahoo Ad Network abused to redirect users to malicious websites serving Magnitude Exploit Kit

Yahoo Ad Network abused to redirect users to malicious websites serving Magnitude Exploit Kit

January 05, 2014Wang Wei
Internet advertisement networks provide hackers with an effective venue for targeting wide range computers through malicious advertisements. Previously it was reported by some security researchers that Yahoo's online advertising Network is one of the top ad networks were being abused to spread malware by cyber criminals . Recent report published by Fox-IT, Hackers are using Yahoo's advertising servers to distribute malware to hundreds of thousands of users since late last month that affecting thousands of users in various countries. " Clients visiting yahoo.com received advertisements served by ads.yahoo.com. Some of the advertisements are malicious ," the firm reported . More than 300,000 users per hour were being redirected to malicious websites serving 'Magnitude Exploit Kit', that exploits vulnerabilities in Java and installs a variety of different malware i.e. ZeuS Andromeda Dorkbot/Ngrbot Advertisement clicking malware Tinba/Zusy Necurs "
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.