Skip to main content
  1. Home
  2. Web
  3. News

Yahoo Mail exploit by lone hacker sends malicious emails to victim contact lists

Francis Bea
By
fixing yahoo social media
Image used with permission by copyright holder

There are innumerable exploits floating around that can grab a hold of your email address, should you voluntarily click on a mysterious link. Yahoo Mail users have recently been complaining of a hack that was propagating a malicious link sent to contact lists from their own email addresses. A self professed “security researcher,” a.k.a. hacker for the greater good by the name of Shahin Ramezany is the one behind the attack with the clear intent of proving to Yahoo how exploitable mailing platform is.

Ramezany filmed a walk-through from the backend showing users how the exploit works (check it out below for yourself). The hack is “compatible” across all major browsers and exploits an XSS vulnerability, which is really the most common type that you’ll see these days.  Using this, a hacker could gain access to individual accounts and peer through emails, but in this case it’s more about sharing the bug with contacts and seeing it go viral than anything else.

Recommended Videos

Once a victim clicks on a malicious link, the exploit assumes your identity and mass emails your contacts with a catchy subject line and the same link. When the link is clicked on the hack is perpetuated to their contacts and so forth. It should go without saying that if you’re a Yahoo user, be on the look out for strange emails, and if you clicked something strange, go change your password immediately.

Ramezany claims that he will expose his own code, but that won’t come until Yahoo patches the vulnerability. Until then you can direct your blame toward him and him alone since it appears that the hack was a solo effort.

Update: Yahoo reached out to us with the statement: “At Yahoo! we take security very seriously and invest heavily in measures to protect our users and their data. We were recently informed of an online video that demonstrated a vulnerability. We confirm that the vulnerability has been fixed. In addition, we are investigating recent reports of increased abusive traffic and will work diligently to fix any vulnerabilities that are found. Concerned users are encouraged to change their passwords to a safe password that combines letters, numbers, and symbols.”

Yahoo hasn’t been a stranger to hackers. The last major incident took place in July when 400,000 accounts were purportedly hacked by hacker group D33ds Company, who used a SQL injection method. That method on the other hand was motivated by the desire to publicly expose the email addresses and passwords of its victims. This latest security issues comes just after Yahoo relaunched its email client and mobile apps.

Moral of the story is, change your passwords frequently and don’t click on anything your gut is telling you not to click on (even if it really piques your curiosity). Other than that, it’s up to Yahoo to keep your accounts safe.

Francis Bea
Francis Bea
Former Digital Trends Contributor
Francis got his first taste of the tech industry in a failed attempt at a startup during his time as a student at the…
How to create a Subreddit on desktop and mobile
Laptop Working from Home

Few social media sites are as popular as Reddit. Regardless of what you're interested in, there's probably a thriving community for you to interact with on the platform. Known as subreddits, these communities are home to topics like gaming, world news, science, movies, and more. If you can't find a subreddit with your particular interest, Reddit makes it easy to create your own Reddit community.

Running a successful Reddit community isn't easy – but the process of starting one only takes a few minutes. Keep in mind that you'll want to keep a close eye on your subreddit to prevent it from being shut down or turning into a wasteland with no users, but running a subreddit can be a lot of fun when done properly. If you prefer, you can also create a private community that only your friends can join, giving you a place to hang out beyond Twitter and TikTok.

Read more
How to download music from YouTube on desktop and mobile
A woman sitting on a couch, wearing airpods and holding and looking at a smartphone.

Downloading music from YouTube is a fairly common practice, and the demand for making the process easier has inspired the creation of countless websites and software.

But not every service can be considered safe. In fact, some of these services may infect your computer with malware or produce poor-quality audio files. When downloading music from YouTube, you’ll need to first make sure that the websites or apps you use for doing so won’t hurt your device. For this guide our team has found two methods to make the process safer and easier.

Read more
How to clear your browser cache in Chrome, Edge, or Firefox
The Firefox iPhone app.

A stocked computer cache may be convenient for logging into and out of go-to sites in seconds flat, but a major buildup of these tracking codes could significantly impact your PC’s performance. If you’ve noticed that your PC has been running rather slow of late, or you’re using a new browser and don’t know how to clear its cache, we’ve got you covered with the following guide.

Read more