CRITICAL BUG IN YAHOO MAIL NETS HACKER $10K
Security researcher Klikki Oy has received a $10,000 bug bounty for discovering a security flaw in Yahoo Mail. The cross-site scripting (XSS) vulnerability could have allowed an attacker to forward the contents of a victim's inbox to an external website and to compromise the account itself. Yahoo learned of the flaw last month, deployed a fix, and rewarded the researcher through its bug bounty program.
Klikki Oy was awarded the $10,000 bounty through HackerOne, a vulnerability management platform that coordinates bug bounty programs with the security research community. The platform was founded by security professionals from Facebook, Microsoft, and Google, and states that it has facilitated the discovery and remediation of almost 17,000 bugs and paid out $5.83 million in bounties. According to Litmus Labs, Yahoo Mail is the seventh most popular email client in the world. The vulnerability affected only the web-based version of Yahoo Mail, not its mobile application.