NEWS - January 08, 2013
by Carol~
- 1/8/13 5:42 AM
Yahoo Mail users hit by widespread hacking, XSS exploit seemingly to blame (Update: Fixed)
Late last night reports started coming in suggesting that Yahoo Mail users have had their accounts hacked. While "hacked" is a very broad term nowadays, it does appear that Yahoo email accounts are being compromised after users click on a malicious link they receive in their inboxes.
Update at 6:20PM EST: Yahoo says it has plugged the security hole in question as detailed at the bottom of this article.
A bit of digging shows the attack seems to have been carried out by a lone hacker by the name Shahin Ramezany. He has uploaded a video to YouTube demonstrating how to compromise a Yahoo account by leveraging a DOM-Based XSS vulnerability that is exploitable in all major browsers: [VIDEO]
The technique shown off is very simple, can be performed in just a few minutes, and seems to be very easy to automate. In his only tweet about the hack so far, Ramezany notes the vulnerability puts some 400 million Yahoo users at risk and promises the full details of his method will be posted after Yahoo plugs the security hole.
Continued: http://thenextweb.com/insider/2013/01/07/yahoo-mail-users-hit-by-widespread-hacking-xss-exploit-seemingly-to-blame/
Also: Yahoo Confirms It Has Fixed A Vulnerability In Mail
Related:
Yahoo Mail XSS Vulnerability Could Affect Millions of Accounts
Yahoo Mail Endures Another Hacking Vulnerability
