Yahoo Mail can hardly be considered a secure email service after its parent company experienced a massive breach in 2014 that exposed 500 million accounts and decided to keep it secret. Even so, every new vulnerability is still worrying for its users.
Security researcher Jouko Pynnonen discovered a cross-site scripting (XSS) security flaw in Yahoo Mail that would have essentially allowed an attacker to access any account and read emails freely. Yahoo patched this flaw last week and offered the researcher a $10,000 reward under the company’s bounty program.