E-mail account hacked

Discussion in 'Travel Technology' started by TRHiker, May 27, 2011.

  1. TRHiker

    TRHiker Silver Member

    This morning, one of my personal Yahoo e-mail accounts was hacked and spam sent to those in my address book. Yes, I immediately changed password and notified those who had been sent the spam to ignore the prior e-mail. C'est la vie in the digital world. I would say the password was moderately strong, which makes me wonder if the password may have been stolen rather than randomly found.

    I am fairly confident that neither of the PCs I have used to access the account recently has been compromised, especially since both were completely off for several hours immediately prior to the time of hacking and both have pretty good and current internet security software. One login to this e-mail account was from Iran and the other from the Netherlands within a few minutes of each other.

    Thus, if stolen, then probably either from an Android app, where the password was stored, or from another site where I use the same name/password combination (a few of those). My question is whether anyone reading this is aware of recent (say since May 20) security breaches in any Android e-mail apps or other websites. If I am able to nail down a likely place where the password may have been stolen from, I can isolate that site and make sure the password there is not repeated. It is a long-shot but worth asking, I think.

    Thanks,

    TRHiker
     
    Gargoyle likes this.
  2. viguera
    Original Member

    viguera Gold Member

    Well there's an Android token vulnerability that I posted about, although I have no idea if there's a link between that and your problem. Not sure if you have (or if there is) a Yahoo! app that could be vulnerable, or if you even use saved public access points to create the hole.

    It's more likely that it was stolen from this other site, but that depends on what they say... if someone has your password that's only half of the equation, they'd still need to know your Yahoo! email address, unless this site has that as well?

    With regards to someone actually guessing it, anything is possible. You say the password was "moderately strong" but that's not saying much... complexity breeds entropy, and a 10 character password with mixed case letters, a number and a special symbol is only "fairly secure" nowadays when everybody has a ton of computing power at their disposal.
     
    emajy and Gargoyle like this.
  3. TRHiker

    TRHiker Silver Member

    Thanks for the information. Yahoo! does have an Android e-mail app that I had installed a few weeks ago to try. It had both user name and password. A different e-mail app (that I am declining to name possibly to reduce it becoming a target) had a second account that did not appear to have been hacked. Thus I don't think that second app was the culprit. And I have deleted all saved public WiFi access points.
     
  4. I seem to have been hacked the same way.
    An email purporting to have come from my Yahoo email address has been sent to all my contacts.
    There is no title, but the body carries a phishing link, which I recognise as having been received some time ago on my PC (I thought I had deleted it permanently).
    Inspecting the new email header detail, the "Message-ID" line indicates " ...... androidMobile@web24105.mail.ird.yahoo.com"
    Which suggests it was sent from an Android phone (maybe my own?)
    Anyhow, I have uninstalled the YahooMail app from the phone and run AVG (no issues reported).
    And I have changed my PC password and advised all recipients to destroy the hacked message.
    Never had any problems with my PC before though (using pandacloud antivirus), but am relatively new to the Android market.
    Any suggestions?
     
  5. TRHiker

    TRHiker Silver Member

    If you dig into the Yahoo Mail tools, you can find from where the last several logins to your account occurred. I found that the hacker of my account logged in from both the Netherlands and Iran (at least that is what the Yahoo records reported). I never was able to get much feedback from Yahoo on the situation; they just kept telling me the solution was to change to a more secure password. Depending on where you are located, sending spam may be illegal and possibly the incident should be reported to the police or district attorney, as someone used your account for an illegal act. I didn't have much confidence that the local district attorney would have any success against someone outside the country, so I did not pursue further.

    TRHiker
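
The login review described in the post above (logins from two countries within minutes of each other), written as detection logic. This is an added example, not part of the original thread and not Yahoo's tooling; the log format, the pre-resolved country codes, the one-hour window and the documentation-range IP addresses are all assumptions.

```python
from datetime import datetime, timedelta
from typing import NamedTuple

# Constructed sample of a recent-logins export: "UTC-timestamp IP country".
# This is not Yahoo's format; the IPs come from documentation-only ranges.
SAMPLE_LOG = """\
2011-05-26T21:40:12Z 192.0.2.10 US
2011-05-27T06:02:31Z 198.51.100.7 IR
this line is malformed and is skipped
2011-05-27T06:05:48Z 203.0.113.99 NL
2011-05-27T09:15:00Z 192.0.2.10 US
"""

class Login(NamedTuple):
    when: datetime
    ip: str
    country: str

def parse_logins(text):
    """Return logins sorted by time, skipping blank or malformed lines."""
    logins = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            when = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            continue
        logins.append(Login(when, parts[1], parts[2].upper()))
    return sorted(logins)

def flag_logins(logins, home_countries, window=timedelta(hours=1)):
    """Flag logins outside the usual countries and country changes
    that happen faster than `window` (too fast for real travel)."""
    alerts = []
    prev = None
    for cur in logins:
        if cur.country not in home_countries:
            alerts.append(("new_country", cur.country, cur.ip))
        if (prev is not None and cur.country != prev.country
                and cur.when - prev.when <= window):
            alerts.append(("country_hop", f"{prev.country}->{cur.country}", cur.ip))
        prev = cur
    return alerts

if __name__ == "__main__":
    for alert in flag_logins(parse_logins(SAMPLE_LOG), {"US"}):
        print(alert)
```

IP-to-country mapping is approximate, and VPNs or mobile carriers can produce a country change without a compromise, so treat a flag as a prompt to change the password and review sessions rather than as proof.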
     
  6. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    I do not believe that any spammer would go through the hassle of breaking a 10 character password with mixed case letters, number(s) and special characters, just to then use that Yahoo account to send out spams to the addresses in that account's address book.
     
  7. viguera
    Original Member

    viguera Gold Member

    Well it's "free money" -- relatively little effort to gain access to (at the very least) one more PC. And if you have a lot of friends that randomly click on any link you send them (and most people do) then the gains go up exponentially.

    Setting up a reasonably fast hash cracker takes a few GB of storage and memory, and about 12 hours or less to actually generate the tables. From that point on, if you have password hashes (like the ones that were recently released to the public by Anonymous or LulzSec), then it's impossibly easy to retrieve even relatively complex passwords.

    4 years ago you could crack "Fgpyyih804423" as a password in less than 3 minutes using rainbow tables, for example -- http://www.codinghorror.com/blog/2007/09/rainbow-hash-cracking.html

    And remember, some of these people don't care about your photos stored on your PC or even your email... they care about having your machine join their zombie army so they can do some real damage later on down the line.
     
    HaveMilesWillTravel likes this.
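
The storage-side counterpart to the rainbow-table point in the post above, as an added example that is not from the thread or from any site it mentions: identical passwords produce identical unsalted digests, so one precomputed table covers every account, while a per-user salt and a slow KDF make every stored record unique. MD5 as the weak scheme, the iteration count and the user names are assumptions; the post names no algorithm.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this demo; tune for real hardware

def unsalted_record(password):
    """Weak scheme: one fast, unsalted digest (MD5 assumed for illustration)."""
    return hashlib.md5(password.encode()).hexdigest()

def salted_record(password):
    """Hardened scheme: per-user random salt plus a slow KDF (PBKDF2-HMAC-SHA256)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return {"salt": salt, "iterations": ITERATIONS, "digest": digest}

def verify(password, record):
    """Recompute with the stored salt and compare in constant time."""
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(),
                                 record["salt"], record["iterations"])
    return hmac.compare_digest(digest, record["digest"])

def distinct_stored_values(users):
    """Count distinct stored values per scheme for a {user: password} dict."""
    weak = {unsalted_record(pw) for pw in users.values()}
    strong = {salted_record(pw)["digest"] for pw in users.values()}
    return len(weak), len(strong)

# Constructed accounts: two users reuse the password quoted in the post above.
USERS = {"alice": "Fgpyyih804423", "bob": "Fgpyyih804423", "carol": "tr0ub4dor&3"}

if __name__ == "__main__":
    # Unsalted: 2 distinct values for 3 users; salted: 3 distinct values.
    print(distinct_stored_values(USERS))
```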
  8. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Much easier to just order a bunch of chargers for $5 each and collect 80k+ AA miles :)

    Interesting read. But be sure to read all the way to the end of the article and then continue here:

    http://chargen.matasano.com/chargen...bow-tables-what-you-need-to-know-about-s.html

    (I have only scanned both articles, but they are interesting and are now on my "reading list")
     
