Yahoo Mail, Vulnerable to an XSS Attack Available on the Black Market

The sale of security vulnerabilities has grown considerably in the last two to three years. This new commodity market brings together sellers, who range from individual hackers to specialized companies, and buyers, who range from national security agencies and corporations to cybercriminal networks.

Some vulnerabilities remain unknown to most of us, bought for a fortune to develop some form of targeted attack, but others can affect us directly because they target ordinary services. In this case the service is Yahoo Mail, widely used around the world thanks to the ubiquity of the Yahoo Messenger messaging service, in which an Egyptian hacker claims to have discovered a security vulnerability that allows data theft.


According to the sale advertisement, it is a cross-site scripting (XSS) attack on Yahoo Mail that allows an attacker to intercept and replace cookies and/or redirect the user to other websites where the user can be deceived. Worse, the vulnerability allows a persistent attack: because the data manipulated by the attacker is saved on the server, it may affect more users than a standard attack. Compatible with all modern browsers and undetectable by their XSS filters precisely because it is persistent, the exploit is offered for $700 to any interested attacker.
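Why a persistent XSS slips past a browser-side XSS filter, and what stops it on the server, shown as an added example that is not part of the original article. The filter below is a simplified model, not any browser's real code, and the URLs, function names and sample markup are constructed for illustration.

```javascript
// Constructed sample: harmless script markup standing in for attacker input.
const SAMPLE_MARKUP = '<script>alert(1)</script>';

// Simplified model of a browser reflected-XSS filter (an assumption): flag the
// page only when a request parameter that looks like script markup is echoed
// verbatim in the response body.
function reflectedFilterFlags(requestUrl, responseBody) {
  const params = new URL(requestUrl).searchParams;
  for (const value of params.values()) {
    const looksLikeScript = /<script|on\w+\s*=|javascript:/i.test(value);
    if (looksLikeScript && responseBody.includes(value)) return true;
  }
  return false;
}

// Server-side output encoding: the fix that works for stored and reflected
// cases alike, because it is applied when the data is rendered.
function escapeHtml(text) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return text.replace(/[&<>"']/g, (ch) => map[ch]);
}

// Hypothetical page renderer; `encode` toggles the weak and hardened variants.
function renderMessage(messageBody, encode) {
  const body = encode ? escapeHtml(messageBody) : messageBody;
  return `<html><body><div class="msg">${body}</div></body></html>`;
}

function demo() {
  // Reflected case: the markup travels in the request and comes straight back.
  const reflectedUrl = 'https://mail.example/search?q=' + encodeURIComponent(SAMPLE_MARKUP);
  const reflectedFlagged = reflectedFilterFlags(reflectedUrl, renderMessage(SAMPLE_MARKUP, false));

  // Persistent case: the markup was saved earlier; the victim's request is clean,
  // so the filter has nothing in the request to match against the response.
  const storedUrl = 'https://mail.example/inbox?folder=inbox';
  const storedFlagged = reflectedFilterFlags(storedUrl, renderMessage(SAMPLE_MARKUP, false));

  // Hardened render: stored markup is emitted as inert text.
  const hardenedPage = renderMessage(SAMPLE_MARKUP, true);
  return { reflectedFlagged, storedFlagged, hardenedPage };
}

console.log(demo());
```

Marking session cookies `HttpOnly` additionally keeps page scripts from reading them, which limits the cookie theft the advertisement describes even when an encoding bug is missed.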

According to statements by Yahoo officials, the Yahoo Mail vulnerability can be fixed in a few hours, but first they must know where the hole is. The Egyptian hacker knows this well, and has announced that he will only accept “serious” customers so that his discovery is not compromised too quickly.


Alex Tenea
