Yahoo! Mail has been hacked. Whilst the official line is that you used a weak password or your computer was compromised, the truth is that Yahoo! Mail’s system was compromised but no official announcement has been made.
Last week, I received a spam email with a list of others in my Yahoo! Email address book; it is not possible for a spammer to work out all the users in my address book. So my Yahoo! account was compromised. There are many potential reasons for how this could have happened, including:
(1) Spyware on my computer that tracks what I type and then sends the login credentials to the hackers
(2) I stored my password somewhere and somehow my system was compromised and this file ended up in the wrong hands
(3) Session hacking; my browser’s sessions have been hacked mid-way and a hacker was able to sabotage one of my sessions and get into my Yahoo! account
(4) Some hackers used brute force to hack into my account
(5) Yahoo!’s system was compromised by hackers and everyone’s accounts have been accessed
(1) and (2) can be eliminated as I am a tech person running Linux (Ubuntu) and know of all of the backdoors and vulnerabilities. (4) is unlikely as my password is very secure and hydra (the brute force program) no longer works on Yahoo!
This leaves (3) and (5); both are equally likely. Either way, if they have designed their sessions insecurely then it would be open to attack and session hijacking. It seems to have only happened to Yahoo! Mail and not Gmail or Hotmail.
If you search Google, it will only show up with how your account has been hacked, but in fact your password is secure and the reason it has been hacked is native vulnerabilities in Yahoo! Mail.
In short, don’t put too much sensitive information in your Yahoo! Mail account.