In a move that could have saved thousands of potential victims of identity theft, Yahoo techs have fixed a flaw in the online news and advertising company's HotJobs Web site, one of the leading online job sites with thousands of subscribers.

The flaw, a cross-site scripting vulnerability, was discovered by Internet services company Netcraft, which notified Yahoo (NASDAQ: YHOO) about it on Sunday. Netcraft said it discovered a similar flaw on Yahoo's ychat.help.yahoo.com site earlier this year.

In both cases, the attackers injected malicious JavaScript code, which attempted to steal visitors' authentication cookies. The attackers could use the cookies to access their victims' Yahoo e-mail accounts, and any other account that uses cookies for the Yahoo.com domain, Netcraft said.
InternetNews Realtime IT News - Yahoo Tightens HotJobs After Hackers Hit