Yahoo! hasn’t had the best year: failing to disclose that hundreds of millions of accounts were leaked years ago just as your organization experiences another hack isn’t the most ideal situation. Between the countless hacks and data leaks, it seems that the security team at the online media giant is always one step behind hackers out to steal their vulnerable data. And though the latest breach involves a white-hat hacker, it just goes to show that the Yahoo! security team has a long way to go before achieving a sound cyber security standing.

Here are the details: white-hat hacker Jouko Pynnönen recently discovered a point in the Yahoo! network that allowed him access to any mail account. What’s even more disturbing is that the only action needed was to send an email carrying specific, malicious code in the message’s body to the user. Using the security vulnerability discovered by Pynnönen, hackers could sneak JavaScript code past the Yahoo! filters by incorporating it into certain display links for popular sites. Using the compromised link within the message, Pynnönen created a cross-site scripting (XSS) vulnerability. The user only has to open the email message, giving the hacker total access to their inbox.

Due to Pynnönen’s white-hat hacker status, not only are Yahoo! inboxes safe but the company also sent a reward of $10,000 after finding and fixing the bug themselves.

Fortunately for Yahoo!, they are able to spend a considerable amount of money to secure their online presence with top-of-the-line protection. Since their white-hat hacker program began, they have paid out over $2 Million in bounties to more than 2,000 researchers and resolved approximately 3,000 security bugs.

Though there is nothing to support that this vulnerability was exploited by harmful groups, it should push everyone to truly understand that no company, big or small, is immune to this type of situation.

While there isn’t ever a simple, blanket solution for cyber security issues, having a second or third opinion from a trusted cyber security provider is a good first step toward a protected environment. With 24×7 management and monitoring services provided by firms such as Tier3, cyber security experts are able to create a custom solution that fits your organization like a glove.

Hackers will continue to come up with unique attack methods and opportunities – stay one step ahead of them with your own unique cyber security plan of attack.