I have been hacked !!

Discussion in 'NZ Computing' started by Sir Leslie Bottocks, Feb 9, 2013.

  1. my yahoo mail,

    Recent Login Activity

    7:49 PM Browser Mail Access Japan122.209.228.141
    7:49 PM Yahoo!Xtra Mobile Logged In Japan122.209.228.141


    that weren't me!!!!
     
    Sir Leslie Bottocks, Feb 9, 2013
    #1
    1. Advertisements

  2. Sir Leslie Bottocks

    EMB Guest

    You and a bucketload of other yahoo!Xtra email users over the last week.
    There's either a pretty good dictionary attack going on, or someone
    isn't admitting that their password database has been compromised.
     
    EMB, Feb 10, 2013
    #2
    1. Advertisements

  3. Sir Leslie Bottocks

    Guest Guest

    So what was your password? Was it simple/ weak? If so, change it to
    gibberish, like wkkk#qqq123.
     
    Guest, Feb 10, 2013
    #3
  4. Sir Leslie Bottocks

    Dave Doe Guest

    http://www.telecom.co.nz/whatsnew/emailservicestatus/

    from that page...

    Phishing Scam Emails

    Feb 10, 2013

    Phishing Scam Emails


    We are aware some customers may be receiving unsolicited emails. If you
    have received any of these emails, we recommend that you delete these
    without opening them and under no circumstances should you reply to
    these emails with any log on, password or personal information.

    Yahoo has confirmed this morning that this issue is now resolved,
    however some customers may still receive a bounce-back reply from emails
    sent prior to this resolution. We recommend that all affected customers
    reset their Xtra email password, which can be done here:

    https://selfservice.xtra.co.nz/live/selfservice/ChgPwd/?GXHC_GX_jst=
    8258c07950ea6165



    Alternatively ? if you are a webmail user:
    Go to nz.yahoo.com
    Log on to your Telecom yahoo!xtra profile
    Click on account info under my profile
    Enter in your current password
    Click on Change or Forgotten password and follow the prompts

    If you use an email client like Outlook or Entourage, you should then
    update that account with your new password.
     
    Dave Doe, Feb 10, 2013
    #4
  5. Sir Leslie Bottocks

    Donchano Guest

    My email account hasn't been hacked, but then I started using a
    independent paid email service (Fastmail.net) shortly after Xtra
    stopped providing its own service and sub-contracted out to Yahoo. So
    the only address I have that still uses the Xtra domain is the one for
    my Xtra account and the Yahoo account associated with it has no
    addressbook.

    On the other hand, I use extremely robust passwords (12 to 16 random
    combinations of upper & lower case letters, numbers and symbols) on
    all of my online accounts. So if one of those is compromised it's
    pretty serious.

    So far I've received eight separate spam emails from friends and one
    business whose accounts have been hacked. Five of them from Xtra
    addresses, three of them from Yahoo addresses. So it's pretty clear
    that it's Yahoo that has allowed the accounts to be hacked - which is
    why I wouldn't trust Yahoo with my addressbook.
     
    Donchano, Feb 10, 2013
    #5
  6. Sir Leslie Bottocks

    Gib Bogle Guest

    This looks like bs to me. There are always phishing emails, but unless
    Buttocks responded to one his password should be safe.
     
    Gib Bogle, Feb 10, 2013
    #6
  7. Sir Leslie Bottocks

    Dave Doe Guest

    Indeed it's quite incorrectly titled - poor stuff from Xtra/Telecom.

    But then who'd expect them to fess up.
     
    Dave Doe, Feb 10, 2013
    #7
  8. Sir Leslie Bottocks

    Gib Bogle Guest

    http://thenextweb.com/insider/2013/...it-amid-reports-yahoo-failed-to-fix-old-flaw/
     
    Gib Bogle, Feb 10, 2013
    #8
  9. Sir Leslie Bottocks

    John Little Guest

    accounts-hacked-via-xss-exploit-amid-reports-yahoo-failed-to-fix-old-flaw/

    My reading of that article was that Yahoo still has an XSS flaw, and that is
    being exploited. However, the main breach occurred in June last year, an
    SQL injection attack which netted 450,000 or so accounts and passwords. It
    would seem the bad guys have been quietly cracking and harvesting address
    books since then.

    One of my daughters had an old Yahoo account from when she was a little
    girl, with "pretty princess" in the user name (despite her father's strident
    republicanism "kings and queens are bad people"). Naturally when she got
    older she moved to a less embarrassing moniker, but the old account was
    still there and it's address book started being spammed yesterday. There's
    no way an XSS vulnerability can affect an account that's not used (but of
    course the phishing e-mails entice people to a site that exploits the XSS
    thing.)

    I'm annoyed with myself that I wasn't aware of the scope of the breach in
    June, and the desirability of changing any Yahoo account password, even for
    an ancient unused account.

    Regards, John Little
     
    John Little, Feb 11, 2013
    #9
  10. Sir Leslie Bottocks

    EMB Guest

    Me too - but mine is 17 characters as anything less than 16 is
    vulnerable to a rainbow tables attack. I still changed it though.
    I've received a couple, and had close to 100 forwarded to me by users at
    work suffering from confucsion at them.
     
    EMB, Feb 11, 2013
    #10
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.