
Hacked Yahoo Account

Somebody hacked a customer's Yahoo account. Emails were sent to everybody in their contact list - no subject with a URL in the body. The emails showed up in the SENT folder of the Yahoo account. The person received some undeliverables in their Inbox from some invalid contacts.

I see from several of the undeliverables that the IP address indicates that they were sent from somewhere in Poland (82.160.88.X).

First question is why there are messages in the SENT folder if the undeliverables show as coming from Poland?

Second question is how the account could have gotten hacked? The PC they use to access email was clean of malware and the other way they access it is through their iPhone.

I guess I'm wondering what I can tell them to avoid this in the future. I mean it's one thing to have an infected computer and get the password stolen, but a clean computer and an iPhone.
 
The fact that the messages appear in the sent folder of the account tells me that someone knew the email address and most likely performed a dictionary attack against the account. Basically used a script to guess the password until they got it right. Because you are talking about a web-based email system you are probably right, the person's computer could very well be clean of malware and viruses. The hacker just went to yahoo.com from their computer and logged in as this user.

As far as what to do about it. The first step is to pick a better password. I have seen this same thing happen to Hotmail accounts with weak passwords. As far as where the hacker got the person's email, could be anywhere. Anything from email lists that are floating around Spam groups to that is what he/she uses on their Facebook or other social networking site.

So STRONG PASSWORD, STRONG PASSWORD, STRONG PASSWORD. That is the best defense. Another is to have a junk email account for things like social networking sites, as well as registering for things. As these email accounts will quickly become overrun with spam.
 
Hmmm... There's a similar thread in the Virus/Spyware discussion forum involving aol.com. In that case the "sent items" folder was wiped clean of ALL their mail so it's as though someone was trying to cover their tracks.

Hope this helps.

 
But what I'm trying to figure out or understand is this:

There were emails in the Sent Items folder, which means they actually sent from the account directly (logged into Yahoo). But there were also emails coming back undeliverable with that other foreign IP address as the source, which would mean that they were using another (zombie?) computer to send out emails using the person's contact list.

Do both those assumptions make sense?? I just want to make sure I have it analyzed properly.
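
One way to test this is to read the `Received` chain of the original message returned inside an undeliverable, oldest hop first, and see how the message entered the mail system. This is an added example, not part of the thread: the headers are constructed, the addresses are documentation ranges, and the `via HTTP` marker for webmail submissions is an assumption about how the provider stamps its headers.

```python
import email
import ipaddress
import re

# Constructed headers of the original message as returned in an undeliverable.
SAMPLE_RETURNED_HEADERS = """\
Received: from mx.example.net (mx.example.net [198.51.100.7])
\tby mail.example.org with ESMTP id abc123; Mon, 1 Jan 2024 10:00:05 +0000
Received: from [203.0.113.45] by web.mail.example.com via HTTP;
\tMon, 1 Jan 2024 10:00:01 +0000
From: victim@example.com
To: nobody@example.org
Subject:

http://example.invalid/link
"""

IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
HTTP_RE = re.compile(r"\bvia HTTP\b", re.IGNORECASE)

def received_hops(raw):
    """Return the Received headers oldest-first, with the bracketed IP of each."""
    msg = email.message_from_string(raw)
    hops = []
    # Each relay prepends its own header, so the last one listed is the oldest.
    for value in reversed(msg.get_all("Received", [])):
        text = " ".join(value.split())          # unfold continuation lines
        match = IP_RE.search(text)
        ip = None
        if match:
            try:
                ip = str(ipaddress.ip_address(match.group(1)))
            except ValueError:
                ip = None                       # malformed literal, e.g. 999.1.1.1
        hops.append({"ip": ip, "via_http": bool(HTTP_RE.search(text)), "raw": text})
    return hops

def classify_origin(raw):
    """Classify how the message entered the mail system, from its oldest hop."""
    hops = received_hops(raw)
    if not hops:
        return ("unknown", None)
    first = hops[0]
    kind = "webmail-login" if first["via_http"] else "smtp-submission"
    return (kind, first["ip"])

if __name__ == "__main__":
    print(classify_origin(SAMPLE_RETURNED_HEADERS))
```

A `webmail-login` result means the IP in the undeliverable is the address of the browser session that sent the message, which is consistent with a copy also appearing in the Sent folder.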
 
Sure sounds correct. And it wouldn't seem far-fetched at all for this to happen.

I know a coworker of mine JUST had the exact same thing happen with her Yahoo account. So now, all of her closer coworkers - those working closer/within same department - have been getting SPAM at home and at work. Go figure. I did advise her to first try to reset her password to a very strong password... either she didn't do it yet, or it didn't matter, b/c I got another one of hers at work just moments ago.

I think that sometimes, the email accounts have been hijacked regardless of passwords, though, by someone hacking the Yahoo servers... or maybe it was another email provider, I forget.
 