Yahoo! Mail App Helps Fight Hackers

By Alicia Young February 16, 2017

Yesterday I learned that karma is, in fact, real. After reporting on Yahoo!’s recent shortcomings and its latest attempt to bring users back into the fold by rolling out new updates to its mail app, I received a security notice from the company not even five minutes later. The irony here is that I said earlier in the day that I had yet to install the Yahoo!! Mail app because I didn’t see its purpose. However, after receiving the notice and reading up on how the app can, in fact, help prevent against hackers, I immediately downloaded it. Let’s take a look at the company’s latest hacking news, and how the mail app can be used to stop fraudulent attempts on your account.

In the notice I received from Yahoo!, the company stated:

Our outside forensic experts have been investigating the creation of forged cookies that could allow an intruder to access users’ accounts without a password. Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account. We have connected some of the cookie forging activity to the same state-sponsored actor believed to be responsible for the data theft we disclosed on September 22, 2016. Those users targeted by the state-sponsored actor were sent an additional notification like the one found here: https://help.Yahoo!.com/kb/SLN26995.html.

The fact that this could have happened in 2015 or 2016, and it is now February 2017 and I’m just now hearing about it, is kind of terrifying. The email goes on to say that Yahoo! has invalidated the forged cookies and “hardened” its systems to secure them against any more attacks of a similar nature. That’s all well and good, but this breach of my privacy still left me feeling a little uneasy. Yahoo! suggested in the email that I should review all my accounts for suspicious activity, be cautious of any unsolicited communications that ask for my personal information, and avoid clicking on links or downloading attachments from suspicious emails. These are all things I do anyway, but the last item on the list caught my eye—the Yahoo! Account Key.

Beforehand, I had simply been using multi-factor authentication and my password to login to my account. However, the Yahoo! Account Key gets rid of passwords altogether and instead uses the Yahoo! Mail app to allow users access to their accounts (this is the part where I begrudgingly downloaded the app, all the while thinking that I had jinxed myself with that earlier article).

The Yahoo! Account Key works by sending notifications to your Yahoo! Mail app when someone tries to login to your account. So, for example, if someone is trying to log into my account from a desktop by using Google Chrome, I will get a notification on my phone from the app, with those exact details, asking if the user is me. If it’s not, I can simply click “No” from within the app. If it is me logging in from another device, all I have to do is click “Yes,” and I gain instant access. Assuming that the hacker does not also have your mobile phone or some other device with email access on it, this is a great way to see when exactly someone is attempting to hack your account.

Although Yahoo! clearly has some security problems, it’s doing a pretty good job of improving its defenses. The only problem is that these defenses don’t seem to be advertised very well—I had never heard of the Yahoo! Account Key until yesterday. Hopefully these new security measures can help the company keep hackers out—especially because this latest news caused Verizon, which is set to buy Yahoo!, to lower its price by $250 million. This is a big blow to the company, and potentially makes Yahoo! the biggest victim of the hacks. Let’s hope these security breaches have no more casualties.   




Edited by Stefania Viscusi
SHARE THIS ARTICLE
Related Articles

Verizon, Oh Verizon, Where Are You Going?

By: Doug Mohney    2/23/2017

Last June, Verizon closed a $4.4 billion deal to buy AOL. Executives said the acquisition would enable the company to layer AOL's advertising strength…

Read More

AMD: The Time For Ryzen Has Arrived

By: Rob Enderle    2/23/2017

The Ryzen part is a powerful alternative to Intel's offering, which will result in several new, more powerful, and affordable systems for those that g…

Read More

Voice 2017 - Best of Times, Worst of Times

By: Doug Mohney    2/21/2017

Voice is in a unique position these days, judging from the conversations I've had over the past six weeks during CES and ITEXPO. Available quality is …

Read More

Needed: Better Location Tech for RideShare Services

By: Doug Mohney    2/21/2017

Uber, Lyft, and other ride services have pushed the bounds of location tech to the point of frustration for end-users, both drivers and customers alik…

Read More

Human Carrying Drones May Arrive in 2017

By: Rob Enderle    2/21/2017

There are a couple really big problems that will likely make human carrying drones more of a tourist attraction than a real solution for some time, bu…

Read More