data breach, IT Security
Leave a Comment

Y Is For Yahoo’s Password Breach

yahoo's password breach

Several days ago, a Network Box USA customer received an email from a Yahoo account belonging to one of his colleagues.  As the email was obviously spam, the customer was (understandably) concerned and quickly got in touch with me, asking me to find out what was going on.

An analysis of the email headers revealed that it had originated from Vietnam.  Hence, my initial comment to him was, “unless your colleague is, right this very moment, in Vietnam, someone stole his account and is using it to send out spam”.

I know now that I was on the right track – that email address must have been one of those stolen in this latest attack against online email services.  And, in fact, we’d just witnessed another one, barely a month ago, unleashed upon Hotmail accounts.

The appeal of such accounts is twofold – firstly, many people maintain their contacts online, so once a hacker gets a hold of their password, he can harvest new email addresses to which to send spam and viruses, smug in the knowledge that these are actual email addresses, so the emails _will_ reach their targets.

Secondly, the account itself can be set up to send out a bit of spam before Yahoo, or whichever other service was compromised, finds out and blocks it.  It’s a free ride requiring minimal effort and barely any resources to speak of, and it is (almost) impossible to trace – I mean, seriously, unless the customer is prepared to board a plane to South East Asia, who will ever trace and determine the real sender, from Vietnam, who distributed the spam to which I referred earlier?

This entry was posted in: data breach, IT Security
Tagged with: , ,

by

Our mission is to produce, configure and maintain effective, affordable, computer security systems to protect the computer systems of enterprises of all sizes. We believe that all companies, regardless of size, should be afforded the same level of protection.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s