April 30, 2013

Hackers Plague Yahoo Mail Users Again: Report

Rise in Global Hacking Attacks Shines Light on Weak Site Security, Poor Password Choices

Yahoo Mail has been hit by a new wave of hacking attacks.

This is the second time this year that e-mail accounts of the world’s third-largest e-mail service provider have been compromised by spammers.

According to a U.K. news channel, Yahoo users are again reporting their accounts have been hacked — and, apparently, the same technique used in March is being deployed again. The hacker uses the compromised accounts to send spam to everyone in the account holder’s contacts folder. In most cases, the spam was a link to a financial scam site.

The U.K.’s Channel 4 News has reported the hacker is based in Russia and is an experienced cyber-criminal.

Yahoo, in response to the latest attack, released the same statement as the one in March: “We take data protection very seriously and are currently investigating reports that some Yahoo Mail accounts may have been compromised. As part of normal account security processes, if we detect suspicious activity we act to secure the account and prompt users to change their passwords.”

The technology company has refused to comment on the obviously ongoing security issues with its e-mail program or on whether it is considering adding two-factor authentication to thwart future attacks.

With two-factor authentication — also known as two-step verification — users must enter their password and a verification code. The code, usually, is sent to the user’s phone via text, voice call, or mobile app.

During sign-in, the user often can request the service no longer ask for a verification code on that particular computer. From that point on, only the user’s password will be required. However, if the user or someone else tries to sign in from a different computer, a verification code will be required to gain access to the account.
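The remembered-computer flow described above, as an added example that is not Yahoo's or any other provider's code. All names (`Account`, `sign_in`, `device_token`, `SERVER_KEY`) are hypothetical, and binding the device token to the password hash, so that a password change forgets every remembered computer, is a design assumption of this example.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)  # hypothetical server-side secret

def _pw_hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

class Account:
    def __init__(self, user, password):
        self.user = user
        self.salt = secrets.token_bytes(16)
        self.pw_hash = _pw_hash(password, self.salt)
        self.pending_code = None  # last verification code issued, if any

def device_token(account, device_id):
    # Token is tied to user, device and current password hash, so it is
    # useless on another computer and dies when the password changes.
    msg = account.user.encode() + b"|" + device_id.encode() + b"|" + account.pw_hash
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()

def sign_in(account, password, device_id, token=None, code=None, remember=False):
    """Return (status, device_token_or_None)."""
    if not hmac.compare_digest(_pw_hash(password, account.salt), account.pw_hash):
        return ("denied", None)
    # Remembered computer: the password alone is enough.
    if token and hmac.compare_digest(token, device_token(account, device_id)):
        return ("ok", token)
    if code is None:
        # A real service would deliver this by text, voice call or mobile app.
        account.pending_code = f"{secrets.randbelow(10**6):06d}"
        return ("code_required", None)
    expected, account.pending_code = account.pending_code, None  # single use
    if expected is None or not hmac.compare_digest(code, expected):
        return ("denied", None)
    return ("ok", device_token(account, device_id) if remember else None)

if __name__ == "__main__":
    acct = Account("alice", "constructed-sample-password")  # constructed data
    pw = "constructed-sample-password"
    print(sign_in(acct, pw, "laptop"))                    # code required
    status, tok = sign_in(acct, pw, "laptop", code=acct.pending_code, remember=True)
    print(status, sign_in(acct, pw, "laptop", token=tok)[0])  # password only
    print(sign_in(acct, pw, "other-pc", token=tok))       # code required again
```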

As hacking becomes more and more prevalent, e-mail providers and social media sites alike are urging their users to follow good password practices.

Most sites recommend passwords be at least 10 characters and include upper and lower case characters, numbers and symbols.

Tricks that make passwords easier to memorize, such as re-using passwords on multiple accounts or using patterns, simply make them easier to infiltrate.

According to a Deloitte Canada report, more than 90 percent of user-generated passwords — including the ‘strong’ passwords — will be vulnerable to hackers in a matter of seconds.

SplashData, a provider of password management applications, suggests using passwords with mixed types of characters, for instance: “car_park_city?”

The firm released a list of the 25 worst passwords of 2012 earlier this year. It was assembled using information hackers have posted online as “stolen passwords.”

Here is the list:

#    Password     Change from 2011
1    password     Unchanged
2    123456       Unchanged
3    12345678     Unchanged
4    abc123       Up 1
5    qwerty       Down 1
6    monkey       Unchanged
7    letmein      Up 1
8    dragon       Up 2
9    111111       Up 3
10   baseball     Up 1
11   iloveyou     Up 2
12   trustno1     Down 3
13   1234567      Down 6
14   sunshine     Up 1
15   master       Down 1
16   123123       Up 4
17   welcome      New
18   shadow       Up 1
19   ashley       Down 3
20   football     Up 5
21   jesus        New
22   michael      Up 2
23   ninja        New
24   mustang      New
25   password1    New