Britain's surveillance agency GCHQ, with aid from the US National Security Agency, intercepted and stored the webcam images of millions of internet users not suspected of wrongdoing, secret documents reveal.
GCHQ files dating between 2008 and 2010 explicitly state that a surveillance program codenamed Optic Nerve collected still images of Yahoo webcam chats in bulk and saved them to agency databases, regardless of whether individual users were an intelligence target or not.
After the NSA leaks began last summer, tech companies asked for permission to reveal more information about what kind of user data they provide in response to Foreign Intelligence Surveillance Court orders.
The attack on Yahoo that started with the theft of user credentials from a third-party database highlights the risk of sharing usernames and passwords across multiple websites.
Yahoo reported Thursday that attackers using computer software used the stolen credentials to log into Yahoo Mail accounts and search for names and email addresses on sent emails. Upon discovering the attack, Yahoo shutdown access to the affected accounts, alerted users and asked that they reset their passwords.
Yahoo said it is resetting passwords for some of its e-mail users after discovering a coordinated effort to compromise accounts.
Another now-closed bug in Yahoo's servers have revealed that it was running an old server kernel allowing root access to its system, according to security researcher Ebrahim Hegazy.
Hegazy found that by manipulating one of the parameters in the URLs used in Yahoo Mail, he could cause the server to execute system commands remotely.