Can Yahoo! keep the hackers at bay?
Yahoo! email accounts have been subjected to a fresh wave of hacking attacks, two months after customers first reported problems with the service.The company could not confirm that it is able to protect users from the hacker, and would only say it is “currently investigating” reports of accounts being compromised.
Channel 4 News first reported in March that an international email spam campaign had targeted Yahoo! mailboxes.
At the time Yahoo! said it was investigating. But over the last week dozens of Yahoo! customers have contacted us to complain about the company’s response to the issue.
One user said: “My mother’s Yahoo! Mail account has been compromised today 25th April 2013. I am very concerned about this – fortunately I have enough knowledge to know not to click on the link but others in her address book may not.
“This is not acceptable from companies who are making millions of pounds but are leaving their customers in a very vulnerable position.”
The recent attacks show exactly the same pattern as the earlier ones: a login from a Yahoo! Mobile device apprently in a far-flung country, followed almost immediately by a browser login from the same country. The hacked account is then used to send spam links which lead to a get-rich-quick scheme.
Read more: How the hack works and how you can protect yourself
Channel 4 News has been told the identity of the hacker, and that he is based in the Russian Federation. Some victims have reported being hacked from IP addresses (a computer’s unique location on the internet) in Russia.
Yahoo! re-issued the same statement it put out in March: “We take data protection very seriously and are currently investigating reports that some Yahoo! Mail accounts may have been compromised. As part of normal account security processes, if we detect suspicious activity we act to secure the account and prompt users to change their passwords.”
However, some victims have told Channel 4 News that even after changing their passwords, their accounts were still being accessed by the hacker.
“I changed my password, set up the second stage verification log in and have set up a sign-in seal but still my browser is logged in by someone in the Netherlands as we speak!!” one victim wrote in an email.
Yahoo! declined to comment on reports that its security settings are being bypassed.
Follow @geoffwhite247 on Twitter