The process of 'stealing' Yahoo Mail passwords in 4 minutes
A hacker posted a video on YouTube showing how a victim's Yahoo! account login information can be obtained simply by getting the victim to click on a link.
Over the weekend, a number of Yahoo Mail users lost access to their accounts after clicking on a link received in their mailbox (apparently sent by their friends). Yahoo said it had patched the vulnerability, but security experts said the issue had not been resolved.
As evidence, a hacker named Shahin Ramezany conducted a test exploiting a DOM-based XSS vulnerability to steal the mailbox password. When a victim clicks on the URL, the cookies (data about the user's web activity saved by the browser) are immediately sent to the attacker's machine, giving the attacker the victim's account information. The trick works in all popular browsers, such as Internet Explorer, Chrome and Firefox.
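The cookie theft described above depends on injected page script being able to read the session cookie. The following added example (not from the original article; the cookie names, values and domain are constructed) audits `Set-Cookie` headers for the attributes that keep a cookie out of reach of script.

```javascript
// Added example: audit Set-Cookie headers for attributes that limit cookie theft.
// All cookie names, values and the domain are constructed samples.

// Split one Set-Cookie header value into the cookie name and its attributes.
function parseSetCookie(header) {
  const parts = header.split(';').map((p) => p.trim()).filter(Boolean);
  const first = parts.shift() || '';
  const eq = first.indexOf('=');
  const name = eq === -1 ? first : first.slice(0, eq).trim();
  const attrs = {};
  for (const part of parts) {
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).trim().toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1).trim();
  }
  return { name, attrs };
}

// Report which protective attributes a cookie is missing.
function auditCookie(header) {
  const { name, attrs } = parseSetCookie(header);
  const findings = [];
  // Without HttpOnly, document.cookie exposes the value to any script on the page.
  if (!attrs.httponly) findings.push('readable by page script (no HttpOnly)');
  if (!attrs.secure) findings.push('sent over plain HTTP (no Secure)');
  const sameSite = typeof attrs.samesite === 'string' ? attrs.samesite.toLowerCase() : '';
  if (sameSite !== 'lax' && sameSite !== 'strict') findings.push('no SameSite=Lax/Strict');
  return { name, scriptReadable: !attrs.httponly, findings };
}

function auditAll(headers) {
  return headers.map(auditCookie);
}

// Constructed sample headers: a weak session cookie, a hardened one, a UI preference.
const SAMPLE_HEADERS = [
  'session_id=abc123; Path=/; Domain=mail.example.test',
  'session_id=abc123; Path=/; Secure; HttpOnly; SameSite=Lax',
  'ui_theme=dark; Path=/; Secure; SameSite=Strict',
];

for (const r of auditAll(SAMPLE_HEADERS)) {
  const status = r.scriptReadable ? 'EXPOSED' : 'protected';
  console.log(`${r.name}: ${status} ${r.findings.join('; ') || 'ok'}`);
}
```

`HttpOnly` only limits the cookie-theft step; the XSS flaw itself still has to be fixed in the page's script.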
After taking control of the account, the attacker can use that mailbox or the Yahoo Messenger nickname to keep spreading malicious links to the victim's friends. The security community therefore recommends that users think carefully before clicking on any content, even when it is sent by acquaintances.
Losing a Yahoo! nickname after clicking on a link is quite common, and this clip helps people better understand how hackers get passwords.