Yahoo Server Falls Victim to Mass Email Attack… Again

It was recently revealed by Yahoo that their popular email service, Yahoo Mail, was breached by a group of unknown hackers, in a coordinated brute force attack designed to collect the contents of the address books and messages that were targeted.

Whether this issue was caused by the Adobe breach that took place a few months back remains to be seen, but Yahoo has sent out a public service message warning its customers that they should never use the same username or password across separate accounts. Normally it’s in situations such as these you would expect security protocols like two-step authentication to show their worth, but there are already multiple methods available to even the most rudimentary of hackers for bypass this problem with ease.

Yahoo representatives staunchly denied any accusations that the credentials of their users had actually been stolen in the attack, merely ghosted as part of a temporary botnet designed to temporarily disable their central servers.

Yahoo Front Page. Source | Wikipedia

Yahoo Front Page. Source | Wikipedia

It seems the perpetrators behind the effort were mainly looking at the content of emails, and loading up on as many contact lists as they could make off with during the short amount of time that Yahoo’s engineers spent sipping the coffee at their desk without checking their screens. This breeds the assumption that at most they were looking for ways to spread malware, and at the very least intended to sell relatively useless information for a small profit on the advertising black market.

We can’t say one or the other if this means that the crack is related to the username/password combo pack that thieves hauled off with from servers at Adobe’s Santa Clara headquarters back in December, but when it comes to password security, we here at VPNCreative agree wholehearedly with the friendly spokespeople at Yahoo: never repeat passwords across valuable accounts like those linked to your email or Facebook with throwaway details like you might use for the Adobe website or something similar.

Not differentiating enough between credentials is the easiest way for hackers to gain access not only to your online accounts, but your desktops, laptops, tablets and mobile phones too, so always be sure you are using as much variation between each password as possible in order to prevent attacks like this from happening to you from now on.