Skip to main content
  1. Home
  2. Web
  3. News

Yahoo Mail exploit by lone hacker sends malicious emails to victim contact lists

By
fixing yahoo social media

There are innumerable exploits floating around that can grab a hold of your email address, should you voluntarily click on a mysterious link. Yahoo Mail users have recently been complaining of a hack that was propagating a malicious link sent to contact lists from their own email addresses. A self professed “security researcher,” a.k.a. hacker for the greater good by the name of Shahin Ramezany is the one behind the attack with the clear intent of proving to Yahoo how exploitable mailing platform is.

Ramezany filmed a walk-through from the backend showing users how the exploit works (check it out below for yourself). The hack is “compatible” across all major browsers and exploits an XSS vulnerability, which is really the most common type that you’ll see these days.  Using this, a hacker could gain access to individual accounts and peer through emails, but in this case it’s more about sharing the bug with contacts and seeing it go viral than anything else.

Recommended Videos

Once a victim clicks on a malicious link, the exploit assumes your identity and mass emails your contacts with a catchy subject line and the same link. When the link is clicked on the hack is perpetuated to their contacts and so forth. It should go without saying that if you’re a Yahoo user, be on the look out for strange emails, and if you clicked something strange, go change your password immediately.

Ramezany claims that he will expose his own code, but that won’t come until Yahoo patches the vulnerability. Until then you can direct your blame toward him and him alone since it appears that the hack was a solo effort.

Update: Yahoo reached out to us with the statement: “At Yahoo! we take security very seriously and invest heavily in measures to protect our users and their data. We were recently informed of an online video that demonstrated a vulnerability. We confirm that the vulnerability has been fixed. In addition, we are investigating recent reports of increased abusive traffic and will work diligently to fix any vulnerabilities that are found. Concerned users are encouraged to change their passwords to a safe password that combines letters, numbers, and symbols.”

Yahoo hasn’t been a stranger to hackers. The last major incident took place in July when 400,000 accounts were purportedly hacked by hacker group D33ds Company, who used a SQL injection method. That method on the other hand was motivated by the desire to publicly expose the email addresses and passwords of its victims. This latest security issues comes just after Yahoo relaunched its email client and mobile apps.

Moral of the story is, change your passwords frequently and don’t click on anything your gut is telling you not to click on (even if it really piques your curiosity). Other than that, it’s up to Yahoo to keep your accounts safe.

Francis Bea
Francis Bea
Former Digital Trends Contributor
Francis got his first taste of the tech industry in a failed attempt at a startup during his time as a student at the…
A new Best Buy sale just started – our 11 favorite deals
Presidents Day sales with electonic devices packed in open boxes.

If you've been looking to do some shopping recently but haven't found the best time, you're in luck! Best Buy has just started an excellent weekend sale with many different products, but, to help save you some hassle, we've collected our 11 favorite deals from the bunch, ranging from robot vacuums to gaming laptops. So, without further ado, let's dive right in!
Shark ION Robot RV761 -- $143, was $260

If you're looking to dip your toes into robot vacuums without spending a lot, the Shark ION Robot RV761 falls within the Shark Ion 700 range and has a few nifty features, making it a good starting robot vacuum. For example, it has a triple brush mechanism that makes it great for picking up pet hair and does relatively well on carpeted flooring. It also has its own that allows you to schedule and control it to fit your schedule, and it comes with sensing technology that lets it avoid bumping into things. On the other hand, it doesn't have home mapping, which is great for the privacy-minded, but that does mean the occasional bump does happen. The Shark ION RV761 has about 90 minutes of battery life before it takes itself in for recharging.

Read more
When is Prime Day 2023? Dates confirmed for the shopping event
Best Prime Day 2022 Deals graphic with multiple products.

After weeks of speculation, we finally know when Prime Day 2023 is kicking off. Amazon has announced that the event will start July 11 at 3AM ET and will run through July 12. As always, Prime members can score some fantastic deals from the sale with popular brands like Peloton, Victoria's Secret, YETI, and Sony just some of the names being touted by Amazon as featuring in the big sale. Members will also be able to shop more deals on small business products than ever before too. As always, expect great discounts on Amazon-owned properties like Kindles, Ring doorbells, Amazon Echo units, and so much more. It's the sale we've all been waiting for since Black Friday.

The Prime Day deals promise to drop every 30 minutes during select periods with deep discounts expected. Select discounts on other Amazon-related things are already available such as 20% off in-store purchases at when you spend $50 or more and . It's a small taste of what is no doubt to come with other Amazon properties likely to see discounts.

Read more
Another big sale is happening at the same time as Prime Day
A variety of electronic devices in open boxes.

Target just revealed that Target Circle Week will run from July 9 to July 15, overlapping with Amazon's Prime Day that's scheduled for July 11 to July 12.

The big sale event will be open to members of the retailer's Target Circle loyalty program, who will be able to receive discounts of up to 50% for certain items. If you're not yet a member, don't worry -- you can join at any time, and membership is free. Once you've signed up, you'll be able to earn 1% from every purchase to redeem at a later time, access exclusive deals, and get 5% off for your birthday, among other benefits.

Read more