Scammers are exploiting a two-year-old security hole in Yahoo's network that gives them unlimited opportunities to guess login credentials for Yahoo Mail accounts, a researcher said.
The vulnerability resides in a web application that automates the process of logging in to the widely used webmail service. Because it fails to carry out a variety of security checks followed by the login page
Yahoo! Mail users typically use, it's providing criminals with a backdoor through which user accounts can be breached, said Ryan Barnett, director of application security research at Breach Security