Possible Yahoo Mail Breach

[Darrius Gothly]

I'm probably going to take heat for this, but it's important enough and I've seen enough evidence to convince me that there might very well have been a security breach at Yahoo.com. I tend to keep my fingers fairly tight on the Internet pulse, especially where it comes to spammers and related issues, and sometimes I see trends that occur as a result of wide-ranging events.

In this particular case, I've come into possession of evidence that leads me to believe a large number of Usernames and Passwords were "liberated" from Yahoo.com.

As I say, at this point it is pure conjecture on my part .. and hopefully I'm dead wrong. But if you use Yahoo email as your primary account, I strongly recommend you investigate what messages have been sent from your account without your knowledge AND change your account password ASAP.

And let's all pray I'm Chicken Little on this one...

[Czari Zenovka]

Thanks for the heads up, Darrius.  I received a strange email from a friend who uses Yahoo and plan to ask if he meant to send that (it was just an unfamiliar website addy that I did NOT click).  I don't think he did and could be one of the situations of which you speak.  I will let him know as well.

Just changed my pw.  I sure hope my email isn't spamming anyone.

[Charolotte Caxton]

I had issues with my Yahoo account yesterday. When I tried to log in I was told it was deactivated, I had to answer the security questions to get it reactivated.

[wiked Anton]

they would deactivate you account if they notice suspicious behaviour on you account to stop any further problems. To stop this kind of hacking, (yes i know its a pain) all you need do is change you password regualarly. I am pretty sure that yahoo even recommends this. So anyone that leaves the same password for months and gets hacked......self inflicted. because ultimately, your security is your responsibility.

[Dillon Levenque]

This isn't the first time, either. Yahoo's been getting hit pretty hard. There was a rather serious breach fairly recently (like in the last six months) that was well documented. I changed my pw then, even though I personally didn't see anything going on with my account. I may do it again. It's only Dillon's email and I don't do any business from there but I don't want the few people I communicate with via that account getting targeted.

[Darrius Gothly]

@Czari - Yup, that's one of the indications that the source account has been hacked. I have several email accounts that I maintain purely as "Honey Pots", and they've attracted a pretty sizeable number of those emails. The source email accounts were all Yahoo.com, all contained just a link to a strange website .. and some were followed up by the real owners apologizing for sending out spam along with warnings to not follow any links sent previously.

@Charolotte - As Wiked mentioned, that's the expected behavior when Yahoo notices your account has been compromised and used to send out spam/phishing emails. Welcome to the "Club"! *grin*

@Wiked - Thank you.

@Dillon - One of the traits of human behavior that is often used to the spammer's / hacker's advantage is the tendency to leave the same password in place for months (or years or ...). Often the passwords people choose are all too easily guessed as well. I've seen a few "Common Password" lists floating around over the years with incredibly large values for "Percentage of accounts using a password on the list". It's pretty scary when a list of 10,000 passwords covers more than 80% of the accounts. LOL

@All - If anyone runs into or spots an industry notice about this latest spate of cracked accounts, please post a link. I haven't seen anything yet myself, but the posts added here leave me even more positive that someone managed to stick a pry bar into Yahoo's database yet again.

It appears that whoever gained access to the (many) accounts' details has been semi-smart in that they sent only a handful of emails per account ... most probably to cut down on automatic detection by Yahoo's behavior monitors. I wonder if Yahoo has even tumbled to the fact that they've had another hit?

[Dillon Levenque]

---

Darrius Gothly wrote:

@Dillon - One of the traits of human behavior that is often used to the spammer's / hacker's advantage is the tendency to leave the same password in place for months (or years or ...). Often the passwords people choose are all too easily guessed as well. I've seen a few "Common Password" lists floating around over the years with incredibly large values for "Percentage of accounts using a password on the list". It's pretty scary when a list of 10,000 passwords covers more than 80% of the accounts. LOL

---

 

 

 

So you're saying going from '1234' to '1235' might not be enough to throw them off? I should like go maximum security and try '1236'?

[Darrius Gothly]

Well .. I wouldn't go THAT far. Maybe if you haven't changed it in a couple of years, you might think about it some. But there's absolutely no reason to get all paranoid like that.

However, if the yellow sticky-note with all your passwords has gotten so old that it requires tape to hold it to your monitor, then really the best security step is to rewrite them on several new sticky notes and put them in a few extra places around your office cubicle.

[Czari Zenovka]

Update - Confirmed that email I received from a friend was part of the hack sent without his knowledge.  He said he received a bunch of mailer daemon errors in his email and thought, what the heck?  Then realized it was a hack and changed his pw.

I have to remember to change my pw more often - I've heard once a month is a good rule of thumb.

[Darrius Gothly]

I've now started seeing indications that Hotmail.com has been compromised as well as Yahoo. So far it doesn't seem to be a big breach, but it's there all the same. Also Twitter announced that hackers had penetrated their security and accessed 100,000 250,000+ accounts .. obtaining the Email Addresses and Passwords of the compromised accounts.

So on your "To Do" list for today .. log into your Hotmail and Twitter accounts and change your passwords. Just in case ...

ETA: Correct number of Twitter accounts compromised

[Jadeclaw Denfu]

NHK-World reported today, that Twitter has been attacked and account data of possibly up to 250 000 users had been stolen.
Including usernames, passwords and session tokens. An attack started during analysis could be stopped in its tracks.
(Heise.de confirms it.)

These attacks are likely connected to the attack on the New York Times after that paper published a report about the wealth
of the chinese leader Wen Jiangbao.

Report: http://www3.nhk.or.jp/daily/english/20130202_14.html

 Addendum: No word seen about Hotmail or Yahoo.

[Czari Zenovka]

I heard about the Twitter hack last night and immediately cancelled that account.  I don't do the social media thing but had Twitter for the few times I wanted to follow something of interest.

This may have nothing to do with the Yahoo/Hotmail/Twitter/Java situations but, while listening to a late-night radio show last week, I heard that the hacking group "Anonymous" has threatened ongoing hack attacks in retaliation for the heavy-handed sentencing of Aaron Swartz (co-founder of RSS) which resulted in Aaron's suicide rather than facing a long prison sentence. (I am relaying the info I heard - no commentary on my opinion either way.)

"Anonymous" placed a video on the US government website for the agency that establishes sentencing policies warning of increasing attacks against government sites if moves are made to hinder a free internet.  After watching the video that is replicated on various websites, it appears this hacking group in targeting government sites; however, while making sure I had the facts as I had heard on the radio show accurate for this post, I came across sites that indicated "Anonymous" had threatened to "take down FaceBook" last November.  I heard nothing about that in the news so obviously that didn't happen but, given all the above, it would be prudent for FaceBook users to change their passwords as well.