Has Yahoo Mail been hacked? Or do we just need better password security?
Linda just sent out a single copy of the following spammy email (the URL was live in the original):
Dear friend, How are you recently? I bought a laptop from a China company T0SHPD last week(the site is :www.toshpd1.com), and I received it now. The products are high quality with a very low price. They also sell mobile phones, TV, games, and so on. They are from Korea, Japan. You can go to their site to have a look, I am sure you will get many surprise and benefits. Best regards. h–)
It is in her Yahoo Mail Sent folder. It is not in the Sent folder for her desktop client (Outlook Express). Her computer passes a malware scan.
The site named first in the text appears to sell the kind of merchandise described. It has this Whois record:
Domain Name: T0SHPD.COM
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Whois Server: whois.melbourneit.com
Referral URL: http://www.melbourneit.com
Name Server: NS1.DNSPOOD.NET
Name Server: NS2.DNSPOOD.NET
Status: ok
Updated Date: 14-aug-2010
Creation Date: 14-aug-2010
Expiration Date: 14-aug-2011
Its Google footprint seems to be a few dozen copies of that spam message, plus the default hits one gets for any domain with a live site.
The site actually linked via the URL has this Whois record:
Domain Name: TOSHPD1.COM
Registrar: MELBOURNE IT, LTD. D/B/A INTERNET NAMES WORLDWIDE
Whois Server: whois.melbourneit.com
Referral URL: http://www.melbourneit.com
Name Server: NS1.DNSPOOD.NET
Name Server: NS2.DNSPOOD.NET
Status: ok
Updated Date: 23-sep-2010
Creation Date: 23-sep-2010
Expiration Date: 23-sep-2011
Its Google footprint is very small.
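As an added example (not part of the original post), the two Whois records above can be compared mechanically for how new each registration is, whether the name in the text and the linked domain fold to the same label, and whether they share name servers. The function names are hypothetical, and the "seen on" date is an assumption taken from a commenter's report of 10/2/10, since the post itself gives no date.

```python
from datetime import date

# Whois records quoted in the post, abridged to the fields used here.
WHOIS_NAMED = """Domain Name: T0SHPD.COM
Name Server: NS1.DNSPOOD.NET
Name Server: NS2.DNSPOOD.NET
Creation Date: 14-aug-2010"""
WHOIS_LINKED = """Domain Name: TOSHPD1.COM
Name Server: NS1.DNSPOOD.NET
Name Server: NS2.DNSPOOD.NET
Creation Date: 23-sep-2010"""
# Assumption: date the message was seen; the post itself gives none.
SEEN_ON = date(2010, 10, 2)
MONTHS = "jan feb mar apr may jun jul aug sep oct nov dec".split()

def parse_whois(text):
    """Parse 'Key: value' lines; repeated keys (Name Server) collect in a list."""
    rec = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            rec.setdefault(key.strip().lower(), []).append(value.strip())
    return rec

def created(rec):
    """Convert the registry's dd-mon-yyyy creation date to a date object."""
    day, mon, year = rec["creation date"][0].lower().split("-")
    return date(int(year), MONTHS.index(mon) + 1, int(day))

def skeleton(domain):
    """Fold a name so a 0-for-O swap or a numeric suffix compares equal."""
    label = domain.lower().rsplit(".", 1)[0].rstrip("0123456789")
    return label.translate(str.maketrans("01", "ol"))

def compare(named_text, linked_text, seen_on=SEEN_ON):
    """Summarise how new the two registrations are and what they share."""
    named, linked = parse_whois(named_text), parse_whois(linked_text)
    n_dom, l_dom = named["domain name"][0], linked["domain name"][0]
    return {
        "age_days": {d: (seen_on - created(r)).days
                     for d, r in ((n_dom, named), (l_dom, linked))},
        "lookalike": n_dom != l_dom and skeleton(n_dom) == skeleton(l_dom),
        "shared_name_servers": set(named["name server"]) == set(linked["name server"]),
    }

if __name__ == "__main__":
    print(compare(WHOIS_NAMED, WHOIS_LINKED))
```

A mail filter or analyst script could apply the same three checks to any domain extracted from a suspicious message before anyone clicks the link.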
The recipients are:
- Linda’s husband, daughter, daughter’s boyfriend, sister
- Linda’s close friend
- A mailing list to which Linda posts
- A friend with whom Linda has emailed exactly once in the past 3 decades
- A person whose name and address Linda doesn’t recognize
There’s no news of a Yahoo Mail attack going around that I could detect.
The password on Linda’s Yahoo Mail account (since changed) was not ridiculous, not brilliant, and not specific to that site alone. So the simplest theory is that her account was hit randomly, with her password being either:
- Guessed
- Repurposed from some other site she registered at.
Do any other plausible theories come to mind?
Be careful out there, people.
Comments
11 Responses to “Has Yahoo Mail been hacked? Or do we just need better password security?”
You probably need to contact Yahoo Mail if you think the account is hacked. I love the fact that Gmail enables me to find out my last 4-5 login IP Addresses automatically (below page in small print).
Also time to change the password AND the hint question and answer (which are often weaker points). Gmail also has an option for moving your inbox in a manner so that you retain all present and future messages.
Ajay,
What is this moving option? I can think of a couple of other benefits around spam. 😉
Thanks,
CAM
I’ve noticed this too; quite a few friends, relatives, and myself have heard that we sent out spam. For myself, I only saw one sent spam in my sent mail; saw another through a bounced email. It only happened once to me. Of course, I changed password, but seems to me that Yahoo needs to do some investigation into their security.
Phishing, perhaps?
Unlikely that Linda got phished in the normal way.
I’m guessing a hack of some other site where she used the same password.
Just wanted to let you know that this happened to me too last night (10/2/10), luckily someone called me and told me about the email.
Don’t know how they did it but I’m fairly familiar with all the protocols to avoid getting hacked or phished, etc. Have never had anything happen like this before … I’m of the mind that it has something to do with Facebook or something else that uses Yahoo log in info.
Thanks for the great blog! Only place I found info on this shady email.
R. A.,
Most welcome!
Linda IS an occasional Facebook user, but not in any edge-pushing way that I know of. I haven’t asked whether she used the same password there as on Yahoo.
Add some salt to your passwords. For example, append the name of the current website to your “regular” password for each different website (‘password’ becomes ‘passwordYahoo’). That way, if your password leaks out from one website, it won’t be used to hijack any other website, and you can still remember all the different passwords.
Welcome to spam land. Linda has been lucky not to have experienced this thus far. In fact Hotmail is king of this particular spamming activity and I have received dozens – perhaps even hundreds of emails exactly like this one from several acquaintances’ Hotmail accounts. I must admit I do not understand the mechanism used for sending these, so can’t recommend a simple password change for example.
When I try to go into Yahoo Mail I get a message directing me to either end my account or create a new one. Has my account been hacked?