[lug] WARNING! My Yahoo email account was hacked this morning!

dafr at dafr.us dafr at dafr.us
Tue Jun 11 09:35:46 MDT 2013


Because I don't work on the Y! Mail team, I can't precisely answer all
of your questions, but I'll see what I can do here. If you have other
questions I will work to get them answered as well.

There *should* be an authentication if you change regions as that is
often where an exploit is attempted from. Y! Mail should ask you to
either receive a text message or have you answer one of your security
questions on file if you have two-factor authentication enabled. I
don't travel abroad often so I can't say that it works for me.

As already mentioned in another thread, Google offers printable
one-time-passwords to facilitate this as well.

The biggest problem that Y! Customer Service faces is when people have
forgotten their security question answers and do not have a mobile
number on file to authenticate them as the real owner.

df

>  The problem I've found with this approach (with Google) is that I have
>  two phone numbers, one Italian and the other American. When I travel,
>  I often get problems with the phone in the other country. Google sees
>  the change of country from IP and tries to force me the two step auth,
>  which I can't use because of the phone issue (not to mention if the
>  phone is lost or stolen while in the other country). So I get
>  completely locked out: no phone, no email. Well I have the other
>  phone, but most people don't. It might be good for some people, but
>  for me (and people who travel) this two step thing is just a big PITA.
>  Please enlighten us if you know better (or if Y! does better than G)
>  Thanks,
>  Dav
>
>  On Sun, Jun 9, 2013 at 1:21 PM, David Frye <dafr at dafr.us> wrote:
> > Yahoo! is now offering two factor authentication which is helpful to
> > prevent this from happening.
> >
> > You can also check to see where the intrusion may have happened by
> > accessing your Account Information and then viewing the Recent Login
> > Activity. There is also a Manage App and Website Connections where
> > you can disassociate any unknown devices or apps from your account.
> >
> > It's highly encouraged that you add your mobile number to your
> > account and confirm or update your personal questions as ways to
> > recover the account if you ever can't get in. Your phone number is
> > secure and will not be used for any other purpose.
> >
> > david
> >
> > Disclaimer: I work at Y!, but do not speak for them here.
> >
> >
> > On Jun 9, 2013, at 11:48 AM, Dru Whitledge wrote:
> >
> >> Hmmmm. this of all places is where I would hope for some more
> >> detail. Most folks on this list are pretty techie and some
> >> terminally techie types who could help us all avoid the threat of
> >> what got you.
> >>
> >> So, I assume that YOU also got an email with the subject line
> >> "Enjoy!" and surely you didn't click on an unknown executable, but
> >> it got you anyway? Help us understand how it might get us. Have you
> >> identified what exactly did get you?
> >>
> >> Mucho thanks,
> >>
> >> Dru
> >>
> >>
> >> At 12:00 6/9/2013, lug-request at lug.boulder.co.us wrote:
> >>> Send LUG mailing list submissions to
> >>>        lug at lug.boulder.co.us
> >>> Today's Topics:
> >>>
> >>>   1. WARNING! My Yahoo email account was hacked this morning!
> >>>      (Gail Austin)
> >>>
> >>>
> >>> ----------------------------------------------------------------------
> >>>
> >>> Message: 1
> >>> Date: Sat, 8 Jun 2013 15:25:04 -0400 (EDT)
> >>> From: Gail Austin <gail_austin_co at yahoo.com>
> >>> To: lug at lug.boulder.co.us
> >>> Subject: [lug] WARNING! My Yahoo email account was hacked this
> >>>        morning!
> >>> Message-ID:
> >>> <1113724634666.1107416906074.4389.7.6152503 at scheduler.constantcontact.com>
> >>>
> >>> Content-Type: text/plain; charset="iso-8859-1"
> >>>
> >>>
> >>>
> >>> Hi All: This morning, my Yahoo email account was hacked. I believe
> >>> that a bogus email that appears to have been sent by me with the
> >>> subject line "Enjoy!" and just an attachment has been sent to
> >>> everyone in my Contacts list. So I am sending out this warning -
> >>> please don't open the attachment in any emails from me that just
> >>> have an attachment! My apologies for this inconvenience!
> >>> Best regards,
> >>> Gail
> >>> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> >>
> >>
> >> _______________________________________________
> >> Web Page:  http://lug.boulder.co.us
> >> Mailing List: http://lists.lug.boulder.co.us/mailman/listinfo/lug
> >> Join us on IRC: irc.hackingsociety.org port=6667
> >> channel=#hackingsociety
> >



