Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.


ForumsMicrosoft WindowsMost likely cause of yahoo account hack?
Batman

Mad Scientist
29771 posts

Uber Geek

Trusted
Lifetime subscriber

#72154 21-Nov-2010 23:27
Send private message

Just realized something has been sending links from my yahoo to all my contacts. Even found unsent spam in my drafts folder!!!

So what's the more like cause:

1) random password obtained by bots
2) spyware infiltrating my avast or avg protected systems (free versions)
3) iPhone infiltrated
4) public computers - from work to libraries
5) gave my login details to facebook (like when I looked for friends by keying in my email details) *note I do not use any apps nor allow info sharing
6) etc???

Create new topic
nakedmolerat
4629 posts

Uber Geek

Trusted
Lifetime subscriber

  #407468 21-Nov-2010 23:54
Send private message

how secure is your password?



Ragnor
8223 posts

Uber Geek

Trusted

  #407473 22-Nov-2010 00:40
Send private message

Well we'd just be guessing so it won't help.

What you should do now is:

1: Ensure your machines are secure (scan with malwarebytes etc)

2: Change all your passwords for everything ensuring you use high quality secure passwords and making sure you use a different password for each site (use an application like KeePass to manage them if need be)

3: Contact Yahoo support about the account be compromised they might be able to investigate.

4: Never use a http site (non https) or connect to your email without using SSL/TLS on a public/shared wifi or lan network. Learn to use a VPN for better security.




michaelmurfy
meow
13271 posts

Uber Geek

Moderator
ID Verified
Trusted
Lifetime subscriber

  #407481 22-Nov-2010 00:58
Send private message

When using Library Computers it's best to reset them before leaving, since once you do that all the passwords / etc is all wiped.

Or use a laptop with the 100's of others on the Wifi Network.




Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.



xurizaemon
153 posts

Master Geek


  #407536 22-Nov-2010 09:40
Send private message

This is really common at the moment ("I just bought a Mac Book Pro/iPhone/etc from this great site", right?). I probably see one from a customer or friend once every week or so.

Have been wondering about the way these people are getting hacked - seems to be focussed on Yahoo! / Xtra customers - could be faked login screens, sharing account creds, weak passwords, wireless sniffing on HTTP instead of HTTPS, brute force attacks on another channel (eg bruteforce against Xtra POP3).

Really doesn't matter what the attack vector used on you was, your best response is to take the experience as an opportunity to learn more about keeping your account safe. It might have been any of the above suggestions, and you won't be any safer closing off just one option, you'll just think you are.

(Do you use Yahoo! Messenger? It would presumably use your email account details for login too? Another window for sniffing or bruting a password there.)

Batman

Mad Scientist
29771 posts

Uber Geek

Trusted
Lifetime subscriber

  #407552 22-Nov-2010 10:08
Send private message

nakedmolerat: mild-mod secure

ragnor: how do you use https sites? do i type https instead of http for all my email? for example geekzone is shown as http and not https? sorry confused - am going to google soon

mmurf/c71931f: hmm actually thinking about it now i only accessed 3 library computers 3 weeks after the date shown on the unsent draft mails. but the mails were only sent after i went onto the lib computers ... weird! malwarebytes negative

xurizaemon: don't use yahoo messenger. interesting to know the attacks are on yahoo/xtra. maybe there's a security lapse. maybe i should delete the account and use gmail only!

thanks guys i think i'm gonna research how to use https ...

Batman

Mad Scientist
29771 posts

Uber Geek

Trusted
Lifetime subscriber

  #407557 22-Nov-2010 10:13
Send private message

hmm so i typed https://mail.yahoo.com and it was red and ie9 said the certificate has been issued for another user or something

does that mean it's secure or not really?

freitasm
BDFL - Memuneh
79316 posts

Uber Geek

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #407559 22-Nov-2010 10:17
Send private message

joker97: hmm so i typed https://mail.yahoo.com and it was red and ie9 said the certificate has been issued for another user or something

does that mean it's secure or not really?


The certificate was issued to login.yahoo.com, when it should really be issued to the whole domain wildcard. Cheap people...




Please support Geekzone by subscribing, or using one of our referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies | Hatch | GoodSync 

 
 
 
 

Move to New Zealand's best fibre broadband service (affiliate link). Free setup code: R587125ERQ6VE. Note that to use Quic Broadband you must be comfortable with configuring your own router.
Zeon
3918 posts

Uber Geek

Trusted

  #407560 22-Nov-2010 10:19
Send private message

To be honest the most likely source is if you have used your email address AND SAME PASSWORD for your mail account to sign up to some dodgy website. They have both your email address and password so thats all they need.




Speedtest 2019-10-14

Batman

Mad Scientist
29771 posts

Uber Geek

Trusted
Lifetime subscriber

  #407626 22-Nov-2010 12:52
Send private message

actually it's an email address i rarely use and the password is not one i commonly use either. and i haven't signed on to any site with this email and password APART from the facebook uploading of contacts - that's all i can remember using these 2 rare combination for.

Ragnor
8223 posts

Uber Geek

Trusted

  #407941 23-Nov-2010 00:02
Send private message

joker97: nakedmolerat: mild-mod secure

ragnor: how do you use https sites? do i type https instead of http for all my email? for example geekzone is shown as http and not https? sorry confused - am going to google soon

mmurf/c71931f: hmm actually thinking about it now i only accessed 3 library computers 3 weeks after the date shown on the unsent draft mails. but the mails were only sent after i went onto the lib computers ... weird! malwarebytes negative

xurizaemon: don't use yahoo messenger. interesting to know the attacks are on yahoo/xtra. maybe there's a security lapse. maybe i should delete the account and use gmail only!

thanks guys i think i'm gonna research how to use https ...


Basically yes, however not all sites will have gone to the expensive of setting it up ssl certificates on their web servers.

Some will only use https for login then revert to http.  You will notice online banking is always done through https the entire time.

Gmail uses https by default.
Windows Live Hotmail uses https for login then reverts to http

If you haven't heard about Firesheep, it's a harsh reminder that on a public network you don't know who's listening in to traffic and login session cookies can be hijacked easily (post login) as your auth cookie is often submitted with every http request.

http://gigaom.com/mobile/stop-firesheep-with-fireshepherd/
http://lifehacker.com/5684348/blacksheep-alerts-you-when-networking-sniffing-tool-firesheep-is-active

Create new topic





News and reviews »

Gen Threat Report Reveals Rise in Crypto, Sextortion and Tech Support Scams
Posted 7-Aug-2025 13:09

Logitech G and McLaren Racing Sign New, Expanded Multi-Year Partnership
Posted 7-Aug-2025 13:00

A Third of New Zealanders Fall for Online Scams Says Trend Micro
Posted 7-Aug-2025 12:43

OPPO Releases Its Most Stylish and Compact Smartwatch Yet, the Watch X2 Mini.
Posted 7-Aug-2025 12:37

Epson Launches New High-End EH-LS9000B Home Theatre Laser Projector
Posted 7-Aug-2025 12:34

Air New Zealand Starts AI adoption with OpenAI
Posted 24-Jul-2025 16:00

eero Pro 7 Review
Posted 23-Jul-2025 12:07

BeeStation Plus Review
Posted 21-Jul-2025 14:21

eero Unveils New Wi-Fi 7 Products in New Zealand
Posted 21-Jul-2025 00:01

WiZ Introduces HDMI Sync Box and other Light Devices
Posted 20-Jul-2025 17:32

RedShield Enhances DDoS and Bot Attack Protection
Posted 20-Jul-2025 17:26

Seagate Ships 30TB Drives
Posted 17-Jul-2025 11:24

Oclean AirPump A10 Water Flosser Review
Posted 13-Jul-2025 11:05

Samsung Galaxy Z Fold7: Raising the Bar for Smartphones
Posted 10-Jul-2025 02:01

Samsung Galaxy Z Flip7 Brings New Edge-To-Edge FlexWindow
Posted 10-Jul-2025 02:01








Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.







RSS feeds
Main feed
Forums feed
Copyright
©2002-2025 Geekzone®
Site features
Geekzone BI dashboard
Geekzone Badges
Geekzone Status Page

 

Affiliate links
Samsung
AliExpress
Wise
Sharesies
GoodSync
Site Information
Subscribe to Geekzone
Privacy Statement
Forum Usage Guidelines (FUG)
Advertising
Trademark and copyright