A YouTube video explaining the hack showed that it works when an unsuspecting email user clicks on a malicious hyperlink, sent in an email, the Daily Mail reports.
An online security blogger Brian explained on his website Krebs that the exploit 'targets a "cross-site scripting" (XSS) weakness in yahoo.com that lets attackers steal cookies from Yahoo Webmail users.'
"Such a flaw would let attackers send or read email from the victim's account. In a typical XSS attack, an attacker sends a malicious link to an unsuspecting user; if the user clicks the link, the script is executed, and can access cookies, session tokens or other sensitive information retained by the browser and used with that site," the blogger explained.
"These scripts can even rewrite the content of the HTML page," he added.
According to the paper, Krebs informed Yahoo about the intended attack and the Internet company said their security team is responding by fixing any potential vulnerabilities.