Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Yahoo Account Compromised


  • Please log in to reply
10 replies to this topic

#1 MML

MML

  • Members
  • 241 posts
  • OFFLINE
  •  
  • Local time:12:30 AM

Posted 12 July 2011 - 03:06 AM

Today, when I logged into my yahoo account, I was greeted by a screen telling me to change my password, as they strongly suspected my account had been compromised. I complied and was frankly stunned; I don't know how anyone would have guessed my password, and this email account has had the same password for over six years without incident. There are no hints in my outbox or inbox that the account was used to send spam, nor that it was tampered with.

Any advice as to whether I should deep-search for hackware/full system compromise? None of my other accounts have been compromised, and I've noticed no further technical oddness with my PC. I'm scanning with TDSS Killer and GMER as we speak.

BC AdBot (Login to Remove)

 


#2 keyboardNinja

keyboardNinja

    Bleepin' Ninja


  • Members
  • 4,815 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:teh interwebz
  • Local time:11:30 PM

Posted 14 July 2011 - 10:01 AM

If you use the same password for multiple accounts, your password could have been compromised in the many database dumps released by hackers over the past couple months.

http://gizmodo.com/5815551/find-out-if-your-personal-data-is-part-of-lulzsecs-grand-finale

As a side note: it's usually a good idea to change your password on a regular basis (6 months, year, etc.) as feasible.

I doubt this has anything to do with the security of your computer. Email accounts are hacked all the time for one reason or another.
PICNIC - Problem In Chair, Not In Computer

Posted Image Posted Image

20 Things I Learned About Browsers and the Web

#3 MML

MML
  • Topic Starter

  • Members
  • 241 posts
  • OFFLINE
  •  
  • Local time:12:30 AM

Posted 14 July 2011 - 03:59 PM

Double-checked with that list, and none of my emails have been compromised on it, to my relief. I also never use the same password anywhere on anything.

Switching up passwords once a year sounds like just a just plain smart notion; going with that.

I had to post because I received a notification from Western Union about identity theft, but it had an attachment and was dumped into my spam folder so I thought nothing of that until Yahoo notified me of a breach. The two accounts are attached to two different emails, so I thought I'd double-check :)

Edited by MML, 14 July 2011 - 04:00 PM.


#4 keyboardNinja

keyboardNinja

    Bleepin' Ninja


  • Members
  • 4,815 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:teh interwebz
  • Local time:11:30 PM

Posted 14 July 2011 - 05:25 PM

Good to hear. :)

I received a notification from Western Union about identity theft

Make sure to double-check the authenticity of emails claiming to be from your bank or other "official" institution. Spotting fakes can hard sometimes: http://www.zdnet.com/photos/can-you-spot-a-scam-screenshots/6216474

You might also find the following article interesting: http://www.zdnet.com/blog/security/spammers-new-favorite-delivery-model-your-compromised-email-account/8989

You are smart to never re-use the same password...although I'm guilty of that myself. :whistle:
PICNIC - Problem In Chair, Not In Computer

Posted Image Posted Image

20 Things I Learned About Browsers and the Web

#5 4dude

4dude

  • Members
  • 578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:30 AM

Posted 15 July 2011 - 12:36 AM

I have had alot of friends on gmail and yahoo this has happend to....

HOW ARE THEY GETTING THE PASSWORDS??


Are they hacking into these companies DB to get this info??

#6 keyboardNinja

keyboardNinja

    Bleepin' Ninja


  • Members
  • 4,815 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:teh interwebz
  • Local time:11:30 PM

Posted 15 July 2011 - 01:39 AM

More or less. Not Gmail and Yahoo themselves, but when you use the same password for multiple online accounts (email, Facebook, Paypal, banking, forums, etc.)...if one site's data is compromised, all your stuff could potentially be compromised along with it. Hence why it's a good idea to not re-use passwords.

Hackers have gotten a lot of press over the past few months since the Sony PSN hack back in April: http://kotaku.com/5798510/the-playstation-network-hack-timeline

http://gizmodo.com/5807996/hackers-spill-over-1000000-sony-online-accounts?tag=hackers

All of this extremely sensitive user data was stored in plain text, with zero encryption whatsoever.


The current "movement" has been labeled #AntiSec: http://gizmodo.com/5813560/lulzsec-and-anonymous-declare-open-war-against-all-governments-and-fat-cats

My understanding is they don't necessarily try to thwart the biggest and baddest security methods out there. They target the weak and vulnerable (*cough*Sony*cough*) with stuff like sql injections and DDOS attacks. Nothing new or revolutionary. Just demonstrative.

Edited by keyboardNinja, 15 July 2011 - 01:45 AM.

PICNIC - Problem In Chair, Not In Computer

Posted Image Posted Image

20 Things I Learned About Browsers and the Web

#7 MML

MML
  • Topic Starter

  • Members
  • 241 posts
  • OFFLINE
  •  
  • Local time:12:30 AM

Posted 15 July 2011 - 07:18 PM

Heh, I've been on the interwebs for years, so I'm pretty good when it comes to password safety in general :)

I've been in touch with Western Union and they asked me to forward the email to them, but since it fell into spam in the first place and was deleted... :P . I've already logged into the account, and not only were there no notifications of warning in the account itself, it also showed no unauthorized transactions. Western Union isn't even my primary form of banking, but in any event I switched up the password.

#8 4dude

4dude

  • Members
  • 578 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:12:30 AM

Posted 17 July 2011 - 10:27 PM

The sad thing is: UNTIL WE KNOW HOW THEY ARE GETTING THE PASSWORDS,NO ACCOUNT IS SAFE!!

#9 keyboardNinja

keyboardNinja

    Bleepin' Ninja


  • Members
  • 4,815 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:teh interwebz
  • Local time:11:30 PM

Posted 17 July 2011 - 10:33 PM

No account is ever 100% safe. If hackers want it bad enough, they'll get it. In the words of cryptodan, "If it has been created by man then it can be easily destroyed by man."
PICNIC - Problem In Chair, Not In Computer

Posted Image Posted Image

20 Things I Learned About Browsers and the Web

#10 MML

MML
  • Topic Starter

  • Members
  • 241 posts
  • OFFLINE
  •  
  • Local time:12:30 AM

Posted 18 July 2011 - 03:02 PM

Exactly why I minimize the amount of information I give out, and restrict my online financial stuff quite severely. Not foolproof, but it minimizes everything as much as I can.

#11 keyboardNinja

keyboardNinja

    Bleepin' Ninja


  • Members
  • 4,815 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:teh interwebz
  • Local time:11:30 PM

Posted 18 July 2011 - 03:05 PM

:thumbup2:
PICNIC - Problem In Chair, Not In Computer

Posted Image Posted Image

20 Things I Learned About Browsers and the Web




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users