Do you still have a Yahoo Mail account? The tech company made its way onto the scene in 1994 and became a popular search engine and email service. However, it's had a very rough year.
First we learned of a massive data breach that could have impacted billions of users. Then we found out Yahoo was allegedly complying with a government security agency's request to spy on all incoming emails. Now, there is more troubling news coming out about the tech giant.
Security researcher Jouko Pynnonen recently discovered a severe security vulnerability with Yahoo Mail. The flaw would allow an attacker to access the victim's email account.
This was a cross-site scripting (XSS) attack, similar to the one discovered by Pynnonen around the same time last year. Watch this video to see a brief detail of last year's discovery:
Why this flaw is so alarming
What's terrifying about this is the victim wouldn't even need to click on a malicious link to be affected. You only had to view an email sent by the scammer for your Yahoo Mail account to be compromised.
Yahoo filters HTML messages, which is supposed to keep malicious code from making its way into a user's inbox. However, Pynnonen discovered a vulnerability that kept the filters from catching all malicious code. It had to do with different types of attachments that could be added to emails.
The good news is once Pynnonen reported the flaw, Yahoo fixed it. The tech giant also paid him $10,000 for discovering the vulnerability through its Bug Bounty Program.
Even though these flaws have been patched, it's been a rough stretch for Yahoo. If all of these problems worry you, you might want to close your Yahoo accounts. Here are instructions on how to do that:
- How to close your Yahoo account:
- Go to the "Terminating your Yahoo account" page.
- Read the information under "Before continuing, please consider the following information."
- Confirm your password - if you forgot your password, you can recover it with the Yahoo Sign-in Helper.
- Click Terminate this Account.
Remember, if you do close your Yahoo account, you will not be able to use services associated with it. So if you decide to keep your account, at the very least make sure you have a strong password. Here are three proven formulas for creating hack-proof passwords.
You can also enable two-step verification, set up a Yahoo Account Key, or use a password manager. It's always better to be safe than sorry!
Author: Mark Jones
Source: http://www.komando.com/
