MAJOR SECURITY THREAT on mail.yahoo.com
You have a security exploit on the mail.yahoo.com website. It is in the ad-generator portion of the page, which you lease/sell to third party vendors. The ad vendors are able to place malware into the ad code, so during an ad refresh on the page, it redirects the whole page to a malware/"click here to close"/virus website. THIS IS A MAJOR SECURITY THREAT. it tracks across 4 browsers (Edge, Firefox, Chrome, Safari) and 3 operating systems. The flaw is in mail.yahoo.com...not the end-user. You can fix this in server side/client side coding if you have a good coder who puts sniffers in the ad streaming between the web user and the ad ware streaming service to block popup code and redirect code. Please fix it. others are claiming non-secure rebrand of mail.yahoo.com. watch for malware on the yahoo servers themselves.
-
Anonymous commented
I am also experiences these same issues on my computer but luckily my computer antivirus program caught phishing (it came from ecp.ysusercontent.com) and aborted the connection.
-
Ang The Self Taught Tech commented
Someone gave one of the culprit links here (I have put xx in the protocol as quotation marks as someone else did does not make it unclickable).:
hxxp://gbk2281.website/ln/mggYr_6oxW3AhxZRAXJoTFQxjVo_Gl645RLZaxGX02cQMMWPvHsYWvNt_KR88NcKW_y5iqzv9TwhUUbL.mkJhP9PZbpaDs4OPFTsUh7XB8SicmTfDZG9pQzoonEzNQfC6zM9cOOEx49PSzRBKFHxLGY4DW2An5bDO9UWnnMwOYi.CpIzFD5XzB9zapdS9jMiY6jaXIinko9X_fiSUH92ey8zuSu5Tdh.7OIPKgLcYeRZ8QxX_6hMiOxuA9s8LTswJMAQjtxH6VKRa6pDNo_yuKYR_H30xUpzAaaxWQNIbyBEQJDLWsc_Iru7uP.QvtSrrMJCTJrHFKCJDGod65Ppbx2CwXMnAeeDHKR46ndt_epqSI2wJIKQL5ah8IVTmIla
-
Ang The Self Taught Tech commented
This concerns me as this major security threat has been going since Aug of 2018 and it is now almost March of 2019 and still this is under the status of "Gathering feedback"? Seriously?? So we are in risk all this time? Considering the serious findings that hwalter2001us has said below in the comments this makes me want to suggest that everyone leaves Yahoo mail and goes to another email client. At one time Hotmail was the worst but now it seems Yahoo Mail might be. I know people with Hotmail that have had no issues for years now but Yahoo Mail has been a problem year after year. This time however they seem to be more than just an inconvenience.
-
Sadat Taheri commented
I just received 2 email threaten me that if I don't update my Yahoo they will close of my account and also mentioned it has been proceeded. Along with email the attached a file. I should say they used Yahoo symbol.
-
Dwight Sands commented
I've been getting this too for at least the last several months
-
stephen pardoe commented
Sorry but that was an unthinking reply from the Yahoo Admins asking for an example add.
Richard said ALL Adds in ALL Areas, and I agree.
So just choose ANY add to test from ANY of your Test Yahoo accounts. -
Matthew Rich commented
This is URL from the site generating the message. It is in speech marks to stop it executing, but will probably be a dead link anyway. Only seem to get this hijacker through Yahoo Mail page.
-
Attila Mezei-Horváti commented
I am experiencing the same malware issue. Very upsetting. I am debating if I should switch to other email provider that can offer a clean and secure web interface.
-
Robert Ramalho commented
I am a Member of Resources 4 Me and I get several emails a week from you. Everytime I open a Link on your email pages I get a Harmful Site Warning from McAfee AntiVirus. I tried to log onto you Web Page from the Listings of your site and got the same Warning. I've Responded to your emails notifing you about this Situation. So far there has been no Responase from you reguarding this Issue. It would be Advisable for you to check out this Problem before someone's Computer get Infected from your Site.
-
Cosmo C commented
I have also experienced this. Fortunately I know how to get rid of the pop up. The ads really need to go without having us pay yearly to not have them.
-
Mehri Youssefian commented
I have security already by google.
-
hwalter2001us commented
Don't waste your time and energy telling yahoo they have a security problem, Yahoo is like the 3 monkeys (or is it the 3 stooges?)... well in either case ..... yahoo doesn't give a rat's tail about any security problems. They would rather spend their time making their products look like Google (the sincerest form of flattery is imitation).
In 2012 Yahoo was made aware of a security issue - their "fix-it" advise... change your password!
No changes made on their end. Over 400,000 accounts got hacked & I was one of those 400,000. I wrote emails to Yahoo, posted on Facebook, I wrote on yahoo's support pages so many times - I bothered them so much they closed my account. Too funny, like the little Dutch Boy, rather than plug the hole in the dam, Yahoo's answer was to plug their ears with cotton so as not to hear the water as it was bursting through the dam.Repeat the above paragraph and replace the year 2012 with the year 2013, and again repeat the above paragraph for the years 2014, 2015, and 2016 and this is the year that Congress finally got involved.
By October 2017 yahoo finally publically admits that ALL 3 billion of yahoo user accounts have been hacked and victims of id thieves. ALL, EVERYONE that has or had a yahoo account their personal info was being sold on the dark-web.
1) The Senate Commerce Committee had to subpoena (ex yahoo)CEO Mayer and compel her to appear and testify before she would admit any wrongdoing and 2) If it had not been for Verizon going over-the-books (figure of speech) Yahoo user info would still be available for sale on the darknet.
So my advice is to start writing your Congressman/woman and letting them know that Yahoo is at it again because Yahoo didn't listen to its users back in 2010 (the first email I sent to Yahoo about hacking my mail account) what the **** makes you think Yahoo is going to listen to any user now? Just because Verizon is at the helm?? Remember Verizon are the ppl that willing gave all our info to the NSA (guess the Boston marathon bomber, the under-wear bomber etc. were not Verizon customers).