Yahoo Password Hack

Pierluigi Stella, Chief Technology Officer, Network Box USAby: Pierluigi Stella, Chief Technology Officer, Network Box USA

A little while back, a Network Box USA customer received an email from a Yahoo account belonging to one of his colleagues.  As the email was obviously spam, the customer was (understandably) concerned and quickly got in touch with me, asking me to find out what was going on.

An analysis of the email headers revealed that it had originated from Vietnam.  Hence, my initial comment to him was, “unless your colleague is, right this very moment, in Vietnam, someone stole his account and is using it to send out spam”.

I know now that I was on the right track – that email address must have been one of those stolen in this latest attack against online email services.  And, in fact, we’d just witnessed another one, barely a month ago, unleashed upon Hotmail accounts.

The appeal of such accounts is two fold – firstly, many people maintain their contacts online, so once a hacker gets a hold of their password, he can harvest new email addresses to which to send spam and viruses, smug in the knowledge that these are actual email addresses, so the emails will reach their targets.

Secondly, the account itself can be set up to send out a bit of spam before Yahoo, or whichever other service was compromised, finds out and blocks it.  It’s a free ride requiring minimal effort and barely any resources to speak of, and it is (almost) impossible to trace – I mean, seriously, unless the customer is prepared to board a plane to South East Asia, who will ever trace and determine the real sender, from Vietnam, who distributed the spam to which I referred earlier?

At this point, you might be thinking that I am a CU, this does not affect me as we do not use Yahoo accounts.  First of all, that is not true – I have seen plenty of smaller organizations who do not set up their own domain, and use Yahoo accounts to conduct business.  Second, even if you do not, many of your customers very likely do.

Let’s consider the second point first.

Many CU’s still send out their customers’ monthly statements via email; I know this because our device scans their outbound emails and once a month, like clockwork, we see the outgoing flow of statements (rest assured that we do not have access to the content).  If the destination email address is at one of these free services, you might be sending that statement straight into the waiting hands of a hacker – SSN, account number and balance all in one place.  Nice present for the hacker, don’t you think?

Moving back to the first point, if you are using the Yahoo account to conduct business and yours is one of those that were hacked, you might be sharing with the hacker, information you would never want to share with anyone in general – confidential information about loans and who knows what else.  It really is not a good idea to use a free service such as Yahoo mail to run a business – no matter who you are and what you do.

I say, register your own domain, host your emails with a reputable company, and pay for it.

As they say in Texas, there’s no such thing as a free lunch!
About Pierluigi Stella
After 15 years at IBM, Pierluigi Stella co-founded Network Box USA (the American division of Network Box Corporation Ltd) in 2003.  In his capacity as Chief Technology Officer, he has acquired extensive knowledge of security issues with emphases on the financial; banking; hospitality and travel; healthcare; and education sectors.  Stella is also an elected Member of the Executive Council of the CompTIA IT Security Community.

In the year 2008, Stella was a contributor to the European Networks and Information Security Agency (ENISA)’s “Cloud Computing Risk Assessment” project which analyzed data protection and data security issues.

Stella holds a Master’s Degree (Magna Cum Laude) in Electrical Engineering from the University of Naples, Polytechnic School of Engineering in Naples, Italy.  He has received numerous industry recognitions for notable career achievements in addition to being the recipient of excellence awards for innovative design.

About Network Box USA
Network Box USA (, the American division of Network Box Corporation Limited, is a leading Managed Security Services Provider (MSSP) in the domestic market.  The company was formed in response to the increasing danger posed by security breaches, virus attacok i ks and similar threats arising from widespread use of the Internet.

Guided by the belief that the same high level of computer protection which large enterprises enjoy should be made available to every organization, Network Box offers businesses of all sizes cutting-edge security solutions that are exceptional and affordable.
Since 2000, it has served hundreds of global companies, organizations, and government agencies with award-winning, state-of-the-art cyber security built on the Network Box’s comprehensive protection, real-time technology.

The company embraces a revolutionary approach against escalating Internet threats by adopting a model of real time protection which extends across all modules of its award winning UTM devices.  Signatures are created and PUSHed to these devices, globally, within three seconds, thus ensuring true real time protection for its portfolio of clients.  In the United States alone, Network Box USA protects in excess of 150 banks and credit unions.

Network Box USA is headquartered at 2825 Wilcrest Dr, Suite 259, Houston, Texas 77042.  For more information, please call 832-242-5758 or (toll free) 888-315-8886; fax: 713-933-0290; or email  Follow us on and

Pierluigi Stella

Pierluigi Stella

With a sterling track record of successfully accomplished projects, an extensive technical know-how, and nine years as head of both the technical as well as customer service divisions of Network ... Web: Details