Another day, another hack attack. And this time internet giant Yahoo (YHOO) is caught in the crossfire.
The company reported it has detected a coordinated effort to access its Yahoo Mail accounts via malicious software. Yahoo says there is no evidence that passwords or user names had been taken from its systems and will be prompting users to reset their passwords.
"The information sought in the attack seems to be names and email addresses from the affected accounts' most recent sent emails," Yahoo posted on its Tumblr site.
Steve Ward, vice president of marketing at security software firm Invincea, says that when email addresses are stolen, consumers face a double-down impact of potential ramifications.
“Yahoo is advising you to change your password, but the hackers are cultivating a list of people they can hit with spearphishing attacks,” Ward says. “So when Yahoo notifies the world to lookout for password reset notifications, that is what the bad guy is probably looking to do as well. A ‘spoofed’ email from Yahoo could be the next attack on users.”
He adds that this attack is another reminder that the industry is in dire need of enhanced security measures.
“This is more proof that the security industry has failed to protect consumers and their information,” he says. “The tools we are using to protect laptops and personal computers are 15 years old.”
Many consumers also wrongly assume that simply having the latest software updates installed on their own computers are enough to protect them, which Ward says is wrong.
“Those technologies do not stand up to today’s threats, and the bad guys know, that is why they are targeting these devices,” Ward says. “There should be sweeping change from the industry to start driving innovation.”