Question about e-mail spam

[LChoy]

Asking the CP brainstrust

I found out the other day that one of my dormant e-mail accounts got accessed by someone in Saudi Arabia and sent out a bunch of spam messages to everyone in the contact list. Fortunately, this was a specific throwaway account (yahoo) that isn't connected to my primary one, and there were very few contacts listed.

Anyways, that got me thinking how it was compromised? the password is unique, the account is something that I used a few times when I was still in university and been dormant for 5 years now, and when it was used, it was only linked to a few legitimate websites (it was for a yahoo group site).

I changed the password on it and everything is fine now. Just curious how it happened

[Wormius]

Do you mean "unique" as in not easy to guess, didn't use it for any other system, or both?

They could have obtained it by hacking or infiltrating a site with weak security and pulling email addresses and passwords out. If you used the same password for that site as your old email address they could have done that.

[LChoy]

I think I mean both
I only used that e-mail and password for yahoo and a group I joined awhile back
The password in retrospect was probably pretty simple as it was only 8 letters

It was just an observation. Usually I notice if a friend's e-mail got hacked, it's was generally an old one and/or a yahoo/hotmail account. Gmail seems to provide the best protection so far

[Wormius]

My Yahoo got hacked a while ago as well. The password wasn't simple, but I had used it on other sites. The first thing I did after changing my password was delete my contact list. There is also a link to see where your account was logged in from. It's kind of obscure, but mine was accessed somewhere from India and they sent out a crapload of emails. I am hoping all they did was send out emails and didn't copy my personal emails over, but impossible to know, I guess.

[photon]

Email is so key to every other aspect of one's online life I think it's best to pay special attention to its security. Use a good strong password (doesn't have to have special characters or numbers or anything, just has to be long and random. I use this to generate passwords currently:

http://rumkin.com/tools/password/diceware.php

And if your email service offers it, use two factor authentication (Gmail does), this makes it almost impossible to hack your email. In Gmail's case if you access your email from a new computer/location it sends you a text message (to a phone # you've previously setup and verified) with a response code that you have to enter. So even if some guy in India figures out your password it's still useless unless they can hijack your phone at the same time.

[Wormius]

What's going on with Yahoo these days? I am getting spam from a couple of people's hacked email accounts just today. Did Yahoo mess something up, or are people picking really bad passwords?

[Hack&Lube]

Quote:

Originally Posted by Wormius

What's going on with Yahoo these days? I am getting spam from a couple of people's hacked email accounts just today. Did Yahoo mess something up, or are people picking really bad passwords?

This!

Are you seeing Yahoo e-mails where the subject is the same name as the sender with the website from Argentina in the body?

Hopefully this means that Forefront will start picking it up.

[Wormius]

Quote:

Originally Posted by Hack&Lube

This!

Are you seeing Yahoo e-mails where the subject is the same name as the sender with the website from Argentina in the body?

Hopefully this means that Forefront will start picking it up.

Yes, it had the sender's name in the subject line, and then some nonsensical link in the message body.

What does this mean? Seems kind of suspect. One of the hacked emails was from a pretty anal retentive about passwords kind of guy, and the other from my mother, who doesn't do anything online except send emails through Yahoo.

My wife's and mine were hacked months ago, but we were stupid using the same password for multiple sites, so remedied that.

I think I might just download any important emails and delete everything off Yahoo.

[cKy]

We have been getting tons of calls @ my work for peoples Yahoo's accounts spamming out. Had a few people who brilliantly used a Yahoo account for work stuff. Stupid Yahoo.

[LChoy]

Quote:

Originally Posted by Hack&Lube

This!

Are you seeing Yahoo e-mails where the subject is the same name as the sender with the website from Argentina in the body?

Hopefully this means that Forefront will start picking it up.

Yeah, I don't think it's a password thing. Mine was a random string of letters and numbers. Must be something at Yahoo's end.
For mine, it was saying my account was accessed by someone in Saudi Arabia

[BloodFetish]

The name that appears in the subject line may not necessary be hacked, rather the spammers are spoofing the 'real name'. The important bit is the actual sending email address, which you can find in the message source.

The name that appears in the From field or subject line - I have no idea if this comes from a contact list, or a web scrape, or god knows where else.

So far we're seeing these coming from Yahoo.ca, Yahoo.com, and Rogers.com (who also use Yahoo's servers)

The sending email accounts are real (ie: not spoofed) so backscatter doesn't help us. We've resorted to adding content filtering rules to weed these out. We use Alt-N's MDaemon for mail. If anyone else uses the same software I'd be happy to help.