Yahoo suffered through one of those weeks: it found out there is a security hole in the Yahoo Mail app, and it fixed the vulnerability that allowed hackers to steal 450,000 user email addresses and passwords.
There is a security hole in the Yahoo Mail app for Android, which could be responsible for the mobile spam botnet, said researchers at mobile security company Lookout.
Trend Micro experts confirmed the existence of the flaw, but they couldn’t precisely say if the vulnerability is in fact responsible for the spam sent out from mobile phones.
The weakness discovered by the researchers allows an attacker to steal a user’s Yahoo cookies.
The bug stems from the communication between the Yahoo mail server and the Yahoo Android mail client.
Yahoo is coordinating the fix for the issue and the researchers promise a more technical analysis, but in the meantime, users must be extra cautious when receiving pharmacy advertisements that appear to be sent from Android devices via Yahoo Mail.
It appears this may not be a botnet after all, just like Google representatives said when the situation first came to light.
Meanwhile, Yahoo is also working on a bigger issue after hackers from D33Ds Company leaked 450,000 email addresses and associated passwords from a Contributor Network database.
Yahoo did say it fixed the vulnerability that allowed hackers to steal 450,000 user email addresses and passwords.
In a blog posting, Yahoo said the “compromised information was provided by writers who had joined Associated Content prior to May 2010, when it was acquired by Yahoo. (Associated Content is now the Yahoo! Contributor Network.) This compromised file was a standalone file that was not used to grant access to Yahoo systems and services.”
Yahoo fixed the vulnerability; it also put into place “additional security measures for affected Yahoo users, enhanced our underlying security controls and are notifying users suffering from the attack.”
Yahoo is advising users who joined Associated Content before May 2010 using their Yahoo email address to log into their Yahoo account, where a prompt may ask them to answer a series of authentication questions in order to change and validate their credentials.