Number: AL16-024
Date: 15 December 2016
Purpose
The purpose of this alert is to bring attention to a recently acknowledged compromise of Yahoo user accounts.
Assessment
CCIRC would like to raise awareness of the potential risks caused by the compromise of a large number of Yahoo accounts. Yahoo recently acknowledged that up to one billion user accounts may have been compromised from as far back as August 2013. While Yahoo has stated that it is in the process of notifying owners of affected accounts, it is possible that these accounts will be used by malicious actors in phishing and other campaigns. CCIRC partners have recently reported an uptick in phishing emails using Yahoo mail accounts. Yahoo account holders should also be aware that personal and password information may have been obtained by malicious actors and that they should take appropriate measures.
Suggested Action
Due to the potential risk presented by this account compromise, CCIRC recommends that Yahoo account holders follow the risk mitigation measures recommended by Yahoo and that stakeholders raise awareness of potentially malicious activity resulting from the use of compromised Yahoo user accounts.
CCIRC observes that where users have reused a Yahoo account password for other, non-Yahoo services (banking, social media, etc.), those passwords should also be changed to protect the integrity of the other accounts.
References
Get CyberSafe Guide for Small and Medium Businesses:
https://www.getcybersafe.gc.ca/cnt/rsrcs/pblctns/smll-bsnss-gd/index-en.aspx%20-%20s6-2
Using Passwords:
https://www.getcybersafe.gc.ca/cnt/prtct-yrslf/prtctn-dntty/usng-psswrds-en.aspx
Spotting Malicious E-mail Messages:
https://www.cse-cst.gc.ca/en/node/237/html/2998
Recognize and Secure a Hacked Yahoo Mail Account:
https://help.yahoo.com/kb/account/recognize-secure-hacked-yahoo-mail-account-sln3417.html?impressions=truea