Hacker selling code that ‘hijacks’ Yahoo mail accounts

LONDON – An Internet hacker, said to be an Egyptian, has reportedly, offered to sell code that will allow a person to hijack Yahoo email accounts.

The hacker, who goes by the username TheHell, has offered an exploit for the price of 700 dollars on an underground cyber crime community called Darkode.

A YouTube video explaining the hack showed that it works when an unsuspecting email user clicks on a malicious hyperlink, sent in an email, the Daily Mail reports.

An online security blogger Brian explained on his website Krebs that the exploit ‘targets a “cross-site scripting” (XSS) weakness in yahoo.com that lets attackers steal cookies from Yahoo Webmail users.’

“Such a flaw would let attackers send or read email from the victim’s account. In a typical XSS attack, an attacker sends a malicious link to an unsuspecting user; if the user clicks the link, the script is executed, and can access cookies, session tokens or other sensitive information retained by the browser and used with that site,” the blogger explained.

“These scripts can even rewrite the content of the HTML page,” he added.

According to the paper, Krebs informed Yahoo about the intended attack and the Internet company said their security team is responding by fixing any potential vulnerabilities.

Be Part of Quality Journalism

Quality journalism takes a lot of time, money and hard work to produce and despite all the hardships we still do it. Our reporters and editors are working overtime in Kashmir and beyond to cover what you care about, break big stories, and expose injustices that can change lives. Today more people are reading Kashmir Observer than ever, but only a handful are paying while advertising revenues are falling fast.



Observer News Service

Leave a Reply

Your email address will not be published.