Yahoo e-mail hi-jacking

Need Help?

That's what we're here for! The goal of the Rogers Community is to help you find answers on everything Rogers. Can't find what you're looking for? Just ask!
cancel
Showing results for 
Search instead for 
Did you mean: 
Reply
Highlighted
I've Been Here Awhile
Posts: 2

Yahoo e-mail hi-jacking

Today someone sent e-mails to everyone on my contact list under my name. I have friends all using Yahoo mail that have had the same problem.

I run McAfee and have scanned my computer without any problem. I think there is something wrong with Yahoo mail!!!

 

 

***edited labels***

Resident Expert
Resident Expert
Posts: 13,822

Re: Yahoo e-mail hi-jacking

Ontop of virus scanning, you should run a decent malware scanner as well.  Most will reccomend MALWAREBYTES.

 

It is quits possible, that your email account was hacked into.

 

First thing, would be from a machine you know is clean, go in and change your password on your email.  The reason i say clean, is if you have a simple keyloger (which is why i recomend doing the malware scan), by resetting it on your machine, you could be giving them the info all over again.



Resident Expert
Resident Expert
Posts: 2,473

Re: Yahoo e-mail hi-jacking

The yahoo mail system was recently hacked 4 days ago by a sophisticated hack which took advantage of a vulnerability in yahoos email servers.  From my sources, the hacker did not have the accounts passwords but he was able to gain access to them to send out unsolicit spam to everybodys contact list, heck it even happened to my account, my parents account and my relatives, all on the same day,  there is no virus on your computer as the mail servers were only attacked, not your individual pc,  my best advice is tell your friends not to open any emails from you containing links,  secondly log into your yahoo acct promptly and change the password, even though chances are they dont have your password as this was a brute force attack, but its better to be safe anyways. 



I Plan to Stick Around
Posts: 30

Re: Yahoo e-mail hi-jacking

To reinforce this, I just received one of these spams from someone who passed away a year ago and the computer he used no longer exists.

Resident Expert
Resident Expert
Posts: 13,822

Re: Yahoo e-mail hi-jacking

Thanks for the update pauly! i hadnt seen any info on that.. so was playing it safe, with the user checking their PC Smiley Happy



I Plan to Stick Around
Posts: 12

Re: Yahoo e-mail hi-jacking

Are you sure this was a server hack and not the XSS exploit?  When is Yahoo going to get their act together?

I'm an Advisor
Posts: 842

Re: Yahoo e-mail hi-jacking

A family member (who is on Rogers cable internet) also had her Yahoo email account used to send out spam.  I was the recipient, two days ago, of one such message from her.  She uses the Yahoo account only infrequently, so was quite alarmed that her Yahoo account was the source of spam messages to her contact list.

 

In this case the spam content was a single URL to a website apparently owned by a Croatian, which when clicked gets redirected to a "pay-per-click" website.  I will not compound the annoyance by listing the offending web site here as well.

 

Reports are that Yahoo is having security problems apparently with some WordPress-related exploit which was actually discovered and resolved over eight months ago.  Yahoo neglected to correct the security hole on their systems.

 

The person who discovered the WordPress vulnerability on Yahoo put up a YouTube video describing how to use it.  So there must be quite a few out there who know about it.

 

Given that I received the spam email only two days ago, Yahoo are taking their sweet time fixing the security hole!

 

skinorth

 

Resident Expert
Resident Expert
Posts: 13,822

Re: Yahoo e-mail hi-jacking

Found this article.

 

http://arstechnica.com/security/2013/01/how-yahoo-allowed-hackers-to-hijack-my-neighbors-e-mail-acco...

 

At least from the update on it, etc.. it says that it SHOULD be fxied.. assuming this is the same vulnerability.

Now.. that some people have only had it recently.. COULD be something different.. or could still stem from the initial issue.. IF the person effected, has NOT changed their password, etc since.. they still could potentialy be vulnerable.  The hacker using the older information, just not using it right away.

 

Truthfuly, it would have been smart on Yahoo's end, after such a thing.. just as a JUST IN CASE.. make a manditory password change upon next login type of thing.

But that would require being proactive... if they had patched the vulnerability when it was fount last last  year, it wouldnt be an issue now would it Smiley Tongue



I'm an Advisor
Posts: 842

Re: Yahoo e-mail hi-jacking

@Gdkitty:

 

the arstechnica.com article I read earlier today when I Googled on the Yahoo email security issue.  As I read it, this article is an outright condemnation of Yahoo and its total irresponsibility when it comes to security.  Not only does Yahoo not fix the security hole promptly, they then issue bulletins to their email users that they should change their email passwords, implying that this will actually either solve the problem or improve the situation.

 

In my opinion, anyone who has a Yahoo email account should immediately close it out and move all of their email activities to another email service.  They should move to anything but Yahoo.  Yahoo needs to feel the consequences of their corporate inaction, slothfulness and blatant misrepresentation.

 

Damage control my a.s.s.....

 

skinorth

 

Resident Expert
Resident Expert
Posts: 13,822

Re: Yahoo e-mail hi-jacking

I won't argue with that, but they are not the first nor the last to do it unfortunately either.

While I have had a Rogers email since the Rogers @home beta, I have not always used it. I was a hotmail user for a while. After repeated security breaches on their end at the time, forced me to drop using them.

Perhaps it's the same thing/time here.

Everyone needs to make that call on their own.
If every time a company screwed up security wise though, and everyone left, we wouldn't have any more PS3 owners anymore either Smiley Tongue

But everyone needs to make the decision. There is Nothing that says a user using Rogers, has to use a Rogers email Smiley Happy. Users can feel free to use whichever service they
choose to, or even multiple ones like myself. Smiley Happy