Yahoo account hacked
sevenlayermuddle:
This morning I logged into a rarely used yahoo account. Twenty minutes later, somebody from Georgia logged in and spammed all my contacts. It won't have done them much good as the only contacts were me and myself, at different addresses, but it was certainly hacked as can be seen from the 'recent logins' page.
Now... I like to get to the bottom of these things. Do I have to assume that the machine I logged in from has been compromised? It was my Mac and, whilst OS/X is not immune to nasties, it is a smaller target than Microsoft and so probability is reduced.
Any opinions welcome.
7LM
sevenlayermuddle:
With apologies for the monologue, I may have a partial explanation as to why the hack seemed to be triggered by an actual login.
..Yahoo has only just started supporting SSL, and it's not on by default! >:(
See http://help.yahoo.com/kb/index?locale=en_US&y=PROD_MAIL_ML&page=content&id=SLN3610
However, SSL was already in use for the login page, so I still can't figure out how they got my password. One useful feature of Yahoo is the 'recent activity' page, which clearly shows the hacker logging in from an IP in Georgia, so they clearly did get that password. Which has now of course been changed, using a different browser in a different PC.
There's not an awful lot of choice when it comes to AV software for Mac, so I have downloaded a trial Kaspersky and will do a full scan overnight.
kitz:
I can't comment on the o/s although there are keyloggers out there for Macs that could be introduced via malicious means.
I know that years ago, the most common reason for yahoo mail accounts being hacked was brute force (bots) on the password - particularly so if your user name was something that could be in demand.
However, I find it strange that the attack was triggered shortly after your own log in... more so if it's one that you've not logged in to for a while... to me this would imply some sort of phishing scheme.
Just to check, how did you login... was it via a bookmark... or via an email link?
kitz:
Hmmm... on reflection it looks like your yahoo account has been hacked by this recent attack. The report is sketchy on details (probably for obvious reasons) but at a guess it would appear the fault lies with something on the yahoo servers.
I would have hoped that yahoo would have identified the compromised accounts and advised their users. Out of interest, once you'd logged in to your mail, did you look at any emails that may have been a tad strange?
http://www.channel4.com/news/yahoos-email-system-hacked-by-criminal-spammers
-----------
I've since seen a few reports that Mac users are being affected, and also that changing your password doesn't always help. Looks like yahoo mail may have a big problem atm :(
eg
http://uk.answers.yahoo.com/question/index?qid=20130316172423AAh2tfD
It would seem that yahoo says it's plugged the leak, but according to the following it would appear not and users' accounts are still being compromised :(
http://thenextweb.com/insider/2013/03/06/despite-its-efforts-to-fix-vulnerabilities-yahoos-mail-users-continue-reporting-hacking-incidents/?fromcat=all
This (to me) would seem to point to the fact that somewhere in your yahoo mailbox there was a corrupt mail just waiting to be opened.
sevenlayermuddle:
Hi Kitz,
I'm also thinking it might be some kind of phishing or man in the middle. In fact I logged in by typing 'yahoo.co.uk' into the address bar. I have checked the browser history and there is no sign of any spelling mistakes.
That yahoo account is so rarely used that it hasn't even seen any spam, ever. I created it as a means to access a 'group' somebody set up as a notice board for former colleagues, but the only thing I use the mail for is to prove receipt when I make any changes to other accounts. Yesterday I tweaked a google apps account then posted a test message to yahoo, logged in and saw it was there, and that was that.
My Kaspersky scan on the Mac ran for many hours, but finished overnight with no nasties found. I don't really care about the Yahoo account, but a keylogger on the Mac would be devastating.
Can't help thinking my case does seem to be so tightly defined and recorded, amid so many other similar hackings, as to point to the possibility that yahoo's servers may be internally compromised, or some kind of DNS redirection took place. There is no obvious way of contacting them to tell them about it, but I guess they would probably already know, even if they didn't publicly admit it.
As an amusing aside... That Channel 4 article looked interesting, and he was inviting people affected to get in touch. I don't do twitter ( :) ) so I sent an email to channel 4's published 'news' email address, which was promptly returned with an error saying their mailbox was 'over its quota'. :D
edit; removed an explicit email address that I probably oughtn't have quoted :-[