Yahoo User Account Compromise

Number: AL16-024
Date: 15 December 2016

Purpose

The purpose of this alert is to bring attention to a recently acknowledged compromise of Yahoo user accounts.

Assessment

CCIRC would like to raise awareness to the potential risks caused by the compromise of a large number of Yahoo accounts.  Yahoo recently acknowledged that up to one billion user accounts may have been compromised from as far back as August 2013.  While Yahoo has stated that they are in the process of notifying owners of affected accounts, it is possible that these accounts will be used by malicious actors in phishing and other campaigns.  CCIRC partners have recently reported an uptick in phishing email utilizing Yahoo mail accounts.  Yahoo account holders should also be aware that personal and password information may have been obtained by malicious actors and that they should take appropriate measures.

Suggested Action

Due to the potential risk presented by this account compromise, CCIRC recommends that Yahoo account holders follow the risk mitigation measures recommended by Yahoo and that stakeholders raise awareness of potentially malicious activity resulting from the use of compromised Yahoo user accounts.

CCIRC observes that passwords associated with Yahoo accounts that users may have reused for other non-Yahoo services (banking, social media, etc.) should also be changed to protect the integrity of other accounts.

References

Get CyberSafe Guide for Small and Medium Businesses:
https://www.getcybersafe.gc.ca/cnt/rsrcs/pblctns/smll-bsnss-gd/index-en.aspx%20-%20s6-2

Using Passwords:
https://www.getcybersafe.gc.ca/cnt/prtct-yrslf/prtctn-dntty/usng-psswrds-en.aspx

Spotting Malicious E-mail Messages:
https://www.cse-cst.gc.ca/en/node/237/html/2998

Recognize and Secure a Hacked Yahoo Mail Account:
https://help.yahoo.com/kb/account/recognize-secure-hacked-yahoo-mail-account-sln3417.html?impressions=true

Note to Readers

In support of Public Safety's mission to build a safe and resilient Canada, CCIRC's mandate is to help ensure the security and resilience of the vital non-federal government cyber systems that underpin Canada's national security, public safety and economic prosperity. As Canada's computer security incident response team, CCIRC is Canada's national coordination centre for the prevention and mitigation of, preparedness for, response to, and recovery from cyber incidents on non-federal government systems. It does this by providing authoritative advice and support, and coordinating information sharing and incident response.

Please note, CCIRC PGP key has recently been updated.
http://www.publicsafety.gc.ca/cnt/ntnl-scrt/cbr-scrt/_fl/CCIRCPublicPGPKey.txt

For general information, please contact Public Safety Canada's Public Affairs division at:

Telephone: 613-944-4875 or 1-800-830-3118
Fax: 613-998-9589
E-mail: ps.communications-communications.sp@canada.ca

Date modified: