My Orcon webmail was hacked...

Discussion in 'NZ Computing' started by ~misfit~, Feb 18, 2013.

  1. ~misfit~

    ~misfit~ Guest

    Back when Seeby posted here and Orcon was new and shiny they offered free
    lifetime emails to NZers. When I heard (here) I quickly signed up for a
    couple of them. You can never have enough email addresses right? (I like to
    keep 'groups' separate, a different email for a different purpose.)

    Anyway, back then I didn't worry too much about strong passwords and, as I
    don't use this particular account much now hadn't changed it. It was a
    seven-letter word that a dictionary attack would have found easily. (I have
    Tbird set up to gather emails from perhaps 10 different email accounts from
    around the web...) I did use this email as a 'return to' for Usenet for a
    couple years, ending over 18 months ago...

    A few days ago my Tbird inbox was getting flooded with returned emails,
    hundreds and hundreds of them - apparently coming from that addy. (Then
    there came a flood of hourly re-try bounces....)

    So, for the first time since I was an Orcon customer 5+ years ago I went to
    their webmail page to change my password to something more obscure. (I have
    a couple 'friends' who use that address to contact me so didn't want to dump
    it.) While I was there I checked the 'sent email' folder and discovered 10
    emails sent from the webmail page on 18/08/12 purporting to come from
    ExxonMobil, typical "You have won..." spam. There was also another 10
    similar emails dated 26/11/12 but this time supposedly coming from Gazprom
    Oil.

    So, my account had been compromised for a while - I just didn't know it. It
    seems that initially it had been used via the webmail interface but this
    month accessed remotely, through SMTP or IMAP. So, I'd changed the password
    to a mix of letters, numbers and symbols and was about to log off when I
    decided to have one last look around the account.

    That's when I found that an 'alternate identity' had been set up (presumably
    for getting back into the account if I changed the PW). It was:
    Full Name: Gazprom Oil
    Email: [my orcon addy]
    Reply to:

    I very quickly deleted it and changed the password again, just to be sure.
    As I'd never heard of Gazprom Oil I did a quick Google and that's when I
    found this:
    http://www.nbcnews.com/technology/technolog/anonymous-targets-oil-companies-email-hack-887067
    Probably has nothing to do with my account but who knows? <shrug>

    Anyway, info posted FYI. Hopefully I've got it sorted now.
    --
    /Shaun.

    "Humans will have advanced a long, long, way when religious belief has a
    cozy little classification in the DSM."
    David Melville (in r.a.s.f1)
     
    ~misfit~, Feb 18, 2013
    #1
    1. Advertisements

  2. ~misfit~

    EMB Guest

    Same thing happened to my boy a few motnhs back (and the fsckers changed
    the password). Orcon support were great in getting it sorted.
     
    EMB, Feb 18, 2013
    #2
    1. Advertisements

  3. ~misfit~

    ~misfit~ Guest

    Bugger! They're not very secure maybe? Handy to know they helped sort it
    out. (Although I registered that one under an assumed name - in case they
    took exception to me having more than one email addy - and don't remember
    DOB etc if needed to re-set the password. :-/)

    Cheers,
    --
    /Shaun.

    "Humans will have advanced a long, long, way when religious belief has a
    cozy little classification in the DSM."
    David Melville (in r.a.s.f1)
     
    ~misfit~, Feb 18, 2013
    #3
  4. ~misfit~

    ~misfit~ Guest

    LOL! Nah mate, I'd rather keep out of the spotlight. :)
    --
    /Shaun.

    "Humans will have advanced a long, long, way when religious belief has a
    cozy little classification in the DSM."
    David Melville (in r.a.s.f1)
     
    ~misfit~, Feb 19, 2013
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.