{"id":8085,"date":"2013-02-15T23:10:19","date_gmt":"2013-02-16T04:10:19","guid":{"rendered":"https:\/\/1001harf.com\/?p=8085"},"modified":"2013-02-15T23:10:20","modified_gmt":"2013-02-16T04:10:20","slug":"yahoo-mail-users-hit-by-a-lone-hacker-by-the-name-shahin-ramezany-%d8%b1%d9%85%d8%b6%d8%a7%d9%86%db%8c","status":"publish","type":"post","link":"https:\/\/1001harf.com\/yahoo-mail-users-hit-by-a-lone-hacker-by-the-name-shahin-ramezany-%d8%b1%d9%85%d8%b6%d8%a7%d9%86%db%8c\/","title":{"rendered":"Yahoo Mail users hit by a lone hacker by the name Shahin Ramezany \u0631\u0645\u0636\u0627\u0646\u06cc"},"content":{"rendered":"

Recommendation: If you are receiving emails from iranian friends switch to gmail (google.com) \u00a0for now.<\/span><\/h2>\n

Late last night reports started coming in suggesting that Yahoo Mail users have had their accounts hacked. While \u201chacked\u201d is a very broad term nowadays, it does appear that Yahoo email accounts are being compromised after users click on a malicious link they receive in their inboxes.<\/p>\n

Update: Yahoo says it has plugged the security hole in question but researchers beg to differ, as detailed at the bottom of this article.<\/p>\n

A bit of digging shows the attack seems to have been carried out by a lone hacker by the name Shahin Ramezany \u0634\u0627\u0647\u06cc\u0646 \u0631\u0645\u0636\u0627\u0646\u06cc. He has uploaded a video to YouTube demonstrating how to compromise a Yahoo account by leveraging a DOM-based XSS vulnerability that is exploitable in all major browsers:<\/p>\n

http:\/\/www.youtube.com\/watch?v=GJsMRDyC9eY \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0Video is already removed by youtube<\/p>\n

The technique shown off is very simple, can be performed in just a few minutes, and seems to be very easy to automate. In his only tweet about the hack so far, Ramezany notes the vulnerability puts some 400 million Yahoo users at risk and promises the full details of his method will be posted after Yahoo plugs the security hole.<\/p>\n

It\u2019s not currently clear how many Yahoo Mail users have already been affected by this flaw, but it does look as if the number is growing quickly. A search on Twitter for Yahoo hacked shows that many have either had their accounts compromised, or are receiving spam from their friends with Yahoo accounts.<\/p>\n

This warning from an actress and singer sums up the situation perfectly:<\/p>\n

This isn\u2019t the first time Yahoo Mail has been attacked by hackers, and it likely won\u2019t be the last. The previous such incident was not so long ago, in July 2012, although that was related to a file being swiped from the company\u2019s servers. This appears to be a security hole directly in Yahoo Mail.<\/p>\n

We recommend that users with a Yahoo account change their account passwords and make a point not to click on any suspicious links they receive by email or from anywhere else. In fact, that goes for all users; don\u2019t click on random links, even if you get them from a friend. If you think your account was compromised, also change your password on any related accounts, especially if you use the same password.<\/p>\n

We have contacted Yahoo about this issue. We will update this article if we hear back.<\/p>\n

Update at 1:45PM EST: \u201cWe\u2019ve been looking into it and the US have now confirmed that they are investigating too,\u201d a Yahoo spokesperson in the UK told TNW. \u201cThey will be in touch if there is a comment \u2013 otherwise I recommend that if users are concerned then they should change their passwords immediately.\u201d<\/p>\n

Update at 9:20PM EST: \u201cAt Yahoo! we take security very seriously and invest heavily in measures to protect our users and their data,\u201d a Yahoo spokesperson told TNW. \u201cWe were recently informed of an online video that demonstrated a vulnerability. We confirm that the vulnerability has been fixed. In addition, we are investigating recent reports of increased abusive traffic and will work diligently to fix any vulnerabilities that are found. Concerned users are encouraged to change their passwords to a safe password that combines letters, numbers, and symbols.\u201d<\/p>\n

Researchers say Yahoo Mail exploit still active, despite claim of being fixed.<\/p>\n

Recommendation: If you are receiving emails from iranian friends switch to gmail (google.com) \u00a0for now.<\/span><\/h2>\n

 <\/p>\n

 <\/p>\n","protected":false},"excerpt":{"rendered":"

Recommendation: If you are receiving emails from iranian friends switch to gmail (google.com) \u00a0for now. Late last night reports started coming in suggesting that Yahoo Mail users have had their … Read More<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/1001harf.com\/wp-json\/wp\/v2\/posts\/8085"}],"collection":[{"href":"https:\/\/1001harf.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/1001harf.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/1001harf.com\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/1001harf.com\/wp-json\/wp\/v2\/comments?post=8085"}],"version-history":[{"count":0,"href":"https:\/\/1001harf.com\/wp-json\/wp\/v2\/posts\/8085\/revisions"}],"wp:attachment":[{"href":"https:\/\/1001harf.com\/wp-json\/wp\/v2\/media?parent=8085"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/1001harf.com\/wp-json\/wp\/v2\/categories?post=8085"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/1001harf.com\/wp-json\/wp\/v2\/tags?post=8085"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}