Yahoo! Malware Hack (Again)
Yahoo! was thrust into the limelight the last holiday season – unfortunately for all the wrong reasons. Their services were hacked. According to this Yahoo! post providing specific details, users accessing the site between December 27, 2013 and January 3, 2014 may have been infected with malware.
The actual infection was a result of the Yahoo! ad service’s Java based code being exploited. This allowed hackers to inject malware into the computers of unsuspecting users. Unfortunately, there is little information on exactly which sites, or even which users will have been compromised, but it’s safe to say that at least Yahoo! Mail and Yahoo! IM users are on the list of potential victims. This has a number of people frustrated, as they aren’t sure whether they have a malware problem or not.
The site goes on to explain that it was due to another user’s account being compromised (which of course makes it not the fault of Yahoo!), and that most, but not all, of the users impacted are in Europe. Unfortunately the one thing their messages don’t do is provide any real help or solutions for users who have had their machines compromised by this breech of trust.
While the full extent of the damages isn’t known, at least not outside of Yahoo!, there are confirmed reports that at least some of the machines hijacked were converted into Bitcoin mining machines. Equally frustrating to some is the fact that Yahoo! has not released any real details on the account that was compromised. Instead, they’ve just directed users who ‘think’ they might have been infected to ‘update Windows’ and take other vague steps.
The worrying thing here is that large firms with a lot of personal data get hacked fairly often – and its not only data they hold on you, but data they hold FOR you, it isnt the first, and probably wont be the last. Some hacks are done for fun, some to terrorise, some to make money, and others to hold people at ransom. However, how secure IS your data once you pass it on to a mammoth organisation? And how safe is any software that you really use?