Attackers, willing to do anything to hijack webmail accounts to boost their spam campaigns, are bypassing the traditional Web login interface page to seek out a backdoor into accounts. Those attackers have targeted Yahoo and are successfully cracking account passwords by focusing automated password cracking scripts on a Yahoo Web services-based authentication application thought to be used by Internet service providers (ISPs) and third-party Web applications.
That was the finding of the Web Application Security Consortium Distributed Open Proxy Honeypot project, maintained by researchers at Breach Security Inc. The honeypot is tracking an extensive series of brute force attacks successfully targeting account credentials of Yahoo email users.
Read more about this at:-
