Yahoo blocking BT mails

Discussion in 'Broadband' started by Woody, Mar 1, 2014.

  1. Woody

    Woody Guest

    I wonder if anyone can help or advise please.

    My elderly F-in-L uses BT Internet and his mail is handled
    for BT by Yahoo. A week or two ago when he tried to log on
    using Thunderbird his password was rejected and he didn't
    understand the message that popped up. As I set up has
    account I know all of the details so had a look at it
    myself. It seems that BT/Yahoo had decided somehow or other
    that there had been 'suspicious activity' on his account and
    blocked access pending a password change.

    Of course there had been nothing from his machine and he is
    well virus and malware protected but as a precaution I did
    run McAfee Stinger to make sure. I then reset his password
    and all is now running smoothly.

    Since he has only ever used his machine at home - admittedly
    wireless but well protected - I cannot see how anyone could
    have blagged his account IF indeed they had. When I dug a
    bit deeper what I found makes me think that this was a poke
    from BT/Yahoo to change the password he had used for the
    last 379 days - in fact since he first went on line with BT.
    I find it odd that they apparently make an accusation on the
    basis of 'guilty until proved innocent' if all they wanted
    to achieve was a password change.

    Has anyone else come across this with BT/Yahoo and can
    enlighten me more? I also read that it looks as though users
    can opt to change from BT/Yahoo to BT Mail, but what are the
    benefits or otherwise of so doing and if it is an advantage
    what is the process.

    TIA
     
    Woody, Mar 1, 2014
    #1
    1. Advertisements

  2. Woody

    bert Guest

    See previous threads on this. I've had it twice recently. If you look in
    his inbox you'll find an e-mail explaining what the problem was and how
    to get round it. Problem is you can't get at the e-mail until you've
    fixed the problem and you can only do that by logging on via web mail.
     
    bert, Mar 1, 2014
    #2
    1. Advertisements

  3. Woody

    Woody Guest


    All the e-mail said was 'suspicious activity' which is
    essentially meaningless. I take a more cynical view.
     
    Woody, Mar 2, 2014
    #3
  4. Woody

    Graham J Guest

    [snip]
    I know two organisations with BT Business email accounts. Both have had
    random password changes recently; neither has any member of staff that
    would know how to call BT or log onto their website to make such a change.

    So I had to ring BT to get the password reset. On one occasion BT even
    told me what they had stored as the password; and this did indeed work
    and allow me to log in and change it.

    The users did report that their email clients had tried several times to
    connect, without success, so I suspect a problem with the BT mail
    server. When I reset the password to the value I knew to be stored in
    the users's email client mail arrived as usual; which confirms that
    there was never anything wrong with the confguration of the users's
    email client.

    I support a fair number of people who use other email service providers,
    and I've only ever seen this problem with BT.
     
    Graham J, Mar 2, 2014
    #4
  5. Woody

    Roger Mills Guest

    I can't comment on this particular scenario, but it sounds all too
    familiar as the sort of underhand tactics used by some organisations.

    Not comms related, but something similar happened to me regarding one of
    my credit cards. The issuer reported 'suspicious' activity and insisted
    on issuing a replacement card. Just by coincidence(!) the new card
    happened to include the technology for contactless payments - which they
    were keen to roll out without waiting for the normal card replacement
    cycle. When challenged, they refused to elaborate on the nature of this
    suspicious activity. In my view, the only suspicious activity came from
    *them*! I no longer use that card.
    --
    Cheers,
    Roger
    ____________
    Please reply to Newsgroup. Whilst email address is valid, it is seldom
    checked.
     
    Roger Mills, Mar 2, 2014
    #5
  6. Woody

    Woody Guest


    +1 with Barclaycard of whom I had been a customer for almost
    40 years. I too closed my account.

    On the other hand I asked my bank, First Direct, if I could
    have a new debit card as my existing one was starting to
    delaminate. They sent me a contactless card. I rang them and
    said I didn't want a contactless card: the 'agent' tried to
    convince me, then put me through to a supervisor who did the
    same, but when I wouldn't budge she conceded that they still
    had 'a few' normal cards and they sent me one. At least they
    listened - Barclaycard just took the attitude 'take it or
    leave it' - so I did.

    I often read in the finance pages that chip-and-pin was
    brought in for security as it could not be beaten, but when
    there is fraudulent activity on the card it is <always> your
    fault - you have disclosed you PIN or written it down
    somewhere. The bank - I would say a notable few are
    persistent offenders - will not budge until the press get
    involved when suddenly they decide that the customer was not
    a fault and pay compensation into the bargain. If they can
    take that attitude with C&P what about contactless?
     
    Woody, Mar 2, 2014
    #6
  7. BT blamed Yahoo. Which is why they now have their own email servers.
    Yahoo is fading away!

    Steve
     
    Stephen Wolstenholme, Mar 2, 2014
    #7
  8. Woody

    Roger Mills Guest

    In my case, it was CapitalOne. They *did* agree to send me an old-style
    card but when it arrived - you've guessed it - it was another
    contactless one! I was going to cancel my account immediately, but then
    realised that I needed to wait until the next anniversary or I would
    lose my cashback. So I've still got the card, and occasionally use it
    for on-line payments - but it never goes out of the house!
    --
    Cheers,
    Roger
    ____________
    Please reply to Newsgroup. Whilst email address is valid, it is seldom
    checked.
     
    Roger Mills, Mar 2, 2014
    #8
  9. Woody

    Phil W Lee Guest

    That is a fundamental security breach by their support staff unless
    there was a seriously strong method of proving your identity before
    revealing the information.
    But it also shows a serious weakness in their systems - hell-desk
    operators should not be able to access user passwords, in fact NOBODY
    should except by resetting it, which should always leave an audit
    trail which cannot be accessed or erased by the person doing the PW
    change.

    Indeed, I would say it raises a suspicion as to how the password came
    to be changed in the first place - who else could have phoned them up
    and asked them to do it, or what the password was?
     
    Phil W Lee, Mar 3, 2014
    #9
  10. Woody

    Martin Brown Guest

    Yahoo got themselves mightily hacked and vast numbers of their users
    were spamming all their friends and contacts with messages of the form
    "M.Y. NAME" with a link to a nasty hostile web URL in the body.
    His machine is probably unaffected it is the cowboys at Yahoo that
    screwed up and with a name like that you know they are cowboys!

    http://news.yahoo.com/yahoo-mail-accounts-hacked-third-party-001135519.html
    Chances are his was one of the (many) accounts that were hacked.

    Did anyone make a formal complaint to the ICO or is BT's outsourcing of
    their email system to a bunch of incompetents somehow exempt from
    scrutiny by our myopic toothless so called watch dog?
     
    Martin Brown, Mar 3, 2014
    #10
  11. Woody

    Graham J Guest

    Name, DoB, Mother's maiden name, account number, amount of most recent
    bill. Fair enough for most purposes ...???
    I suspect in this instance the password had already been reset by a
    partial implementation of the "send me a new password" mechanism. This
    replaces the existing password with a random (numeric in this case)
    value, and sends an email with a link to the real password change page.
    But if your email is aready broken you cannot of course receive that
    email; a point I tried to explain to the helpdesk person, but which was
    not understood.

    However it does suggest that an automatically generated password is
    visible to the helpdesk person; or in fact that person generated a new
    password in response to my request but did not actually explain what
    they were really doing.
     
    Graham J, Mar 3, 2014
    #11
  12. This was indeed the case with a large cable internet company for which
    I once had the pleasure of working. Customers who had forgotten their
    passwords would sometimes ask me to tell them what it was, and I'd
    have to explain that it wasn't possible because the system didn't
    reveal it to anybody. After suitable checks that the caller was the
    actual account holder we could change the password for a new one, but
    there was no way of telling what it had been. It always struck me as a
    very sensible system.

    Some callers would be extraordinarily forthcoming in providing,
    without any prompting, a full explanation of how they had formulated
    their passwords in case I was interested, sometimes telling me about
    several other unrelated passwords that they had created in the same
    ingenious way. Not that any explanations were usually necessary as it
    was pretty clear from most of their choices that they thought the
    names of their children, pets, partners and football teams were
    sufficiently secure. Some people really are their own worst enemies.

    Sometimes they'd call with requests for their wireless router security
    keys, their Windows login passwords, or the codes that their
    secondhand or upgraded computers were demanding to activate Windows,
    and it was necessary to explain that these things were nothing to do
    with the provision of an internet service. The need to remain tactful
    at all times made it difficult to convince those callers that their
    ignorance or negligence was their own responsibility and not ours.

    Rod.
     
    Roderick Stewart, Mar 3, 2014
    #12
  13. Woody

    Invalid Guest

    I've had this problem fairly recently with someone for whom I am
    "technical support"! It seems that if one device is logged on to the
    Yahoo mail account, and another tries to login it triggers the
    suspicious activity filter.

    In my case she had received an iPad as a Christmas present, and some
    kind relative had set up the mail client to access her Yahoo mail
    account.

    What was happening was that the relative had set it up in such a way
    that it maintained the link even when the iPad was "switched off" (push
    mail was ticked I think, I'm not an Apple expert). So every time she
    went to her PC and tried to log in Yahoo saw the PC as a second device
    trying to connect simultaneously - and suspicious activity was
    triggered.

    I fixed it by setting up her iPad to use Yahoo's webmail access via the
    browser - which met the need, and hey presto - no further problems.
     
    Invalid, Mar 3, 2014
    #13
  14. Curious. The first time I encountered a corporate network. I
    discovered that it was possible to login using the same details at
    several terminals simultaneously. It seemed odd to me that the system
    would allow this because a person cannot be in two or three places at
    the same time, but the expert in charge of IT told me "Oh yes, that's
    perfectly normal". He seemed unable to understand my puzzlement.

    Rod.
     
    Roderick Stewart, Mar 4, 2014
    #14
  15. Woody

    Graham J Guest

    On a corporate network it is normal, but it came as a surprise to me
    also. A given user can both log on to the domain and connect using
    Outlook to the corporate Exchange server simultaneously from more than
    one workstation.

    Exchange seems to maintain a consistent view on all the connected
    Outlooks - there may be a few seconds delay to achieve this.

    I suspect that the design reason is that it allows for the possibility
    of a "logical user" which may be several people - such as "Sales".
    Everybody logged in as Sales would see the same emails and server shares.

    I suspect that if it wasn't a deliberate design decision then it would
    not work reliably; but I've not seen intermittent functionality or
    anything similar ...
     
    Graham J, Mar 4, 2014
    #15
  16. Woody

    Andy Burns Guest

    That's nothing special, IMAP4 can do the same as Exchange+Outlook.

    My phone and multiple laptops can have a consistent view of my email
    (all folders not just inbox) and squirrel webmail can too (though you
    need to refresh that to see latest updates).
     
    Andy Burns, Mar 4, 2014
    #16
  17. Thank you for pointing this out. Looks like one just has to wait until
    one is moved.

    I wonder if their spam filtering will change. I have had email classed
    as spam which I would rather have received.
     
    Michael Chare, Mar 4, 2014
    #17
  18. Woody

    Nigel Wade Guest

    I don't understand your puzzlement either.
    A person may not be in more than 1 place, but email clients certainly can be.

    My desktop email client is connected to the mail server all the time.
    If I'm away from my desk and want to check email I normally use my phone. 2 connections.
    I may receive an attachment which I don't want to read on my phone but on my tablet, I open mail on my tablet. 3
    connections.

    All perfectly normal. All fully synchronized.
     
    Nigel Wade, Mar 4, 2014
    #18
  19. Woody

    Jim Guest

    That's a timely reminder of the importance
    of always logging out of any passworded service.

    --
    :: Jim,

    NHS Health Database Sale Opt-out form:

    http://www.thebigoptout.com/opt-out-letter/
     
    Jim, Mar 4, 2014
    #19
  20. Woody

    bert Guest

    Have they?
    Last I heard BT were switching to Critical Path
     
    bert, Mar 6, 2014
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.