A flurry of articles is being written about the current Yahoo security vulnerability that allows user accounts to be easily hacked. The original research behind this discovery comes from a Bitdefender report.
Summary. If you are a Yahoo user and mistakenly click on a malicious link, you could be taken to a page with malicious code that hijacks your Yahoo account by stealing your cookies (confidential login session information). Once your account is hijacked, it’s used to send out spam to other Yahoo users in an attempt to hack their accounts in the same way.
Recovery. If your account has been hacked, change your password.
Prevention. Follow these steps for greater security with Yahoo and other services:
- Avoid Links. Be skeptical of all emails that contain only a link. Often such emails don’t have a subject line.
- Log out. Always log out of Yahoo (and any other sites) before exploring the web further.
- Delete Cookies. Frequently delete all cookies to reduce the chances of having them stolen. Deleting cookies will cause all sites to require a login.
- Use Multiple Browsers. If you’re primarily visiting safe websites and don’t want to log in every time, you can use one browser for visiting your important online accounts, then use another browser to explore unknown sites.
- Change passwords frequently. There are thousands of stolen usernames and passwords available for purchase. It takes a while for these to get into the hands of the people (or machines) who exploit them. Even if you don’t think your account has been hacked, changing your password is a good preventative measure.