Just got my first email acct hacked...

ps99472

Spammed a few of my contacts in the acct.. luckily one of them emailed me right away..  Yahoo shows somebody today in Mexico logged into my email... it was a Yahoo! Mobile source... IP address is 189.153.115.17

I thought my password is pretty secure.. I wonder how they got it?  Changed my password and turned on 2 step sign on.. and no my password is not qwerty nor abcd123
 
Obvious questions... did you click on any link recently from an email, an attachment, from Facebook or any other social media (ie - Twitter)?  Make sure your anti-virus software is up to date in terms of scan engine and virus definitions.  Have a few anti-spyware applications installed (free versions of these are great - https://www.superantispyware.com/download.html and http://www.malwarebytes.org/mbam-download.php).  Make sure they also have the latest definitions.  Then, restart your computer in safe mode.  In Windows, you hit F8 before Windows starts and you should be prompted with a menu of how to start Windows.  You'll want to start in Safe Mode with no networking.  From there, kick off your anti-virus software and let it run a full scan making sure it checks everything (system files, sub folders, all extensions, etc.).  Then, run the anti-spyware apps also.

If you log into the hacked email from work or any other machine, you'll want to have those machines scanned also.  Make sure all patches for Windows are up to date.
 
It looks like the IP address you gave belongs to http://www.lacnic.net/en/sobre-lacnic/.  It's for Latin America and the Caribbean.  I'm probably more paranoid than most, but also check your bank and credit card accounts.  Did you have any financial accounts tied to this email where they might try to reset the account/password?
 
jvna said:
Obvious questions... did you click on any link recently from an email, an attachment, from Facebook or any other social media (ie - Twitter)?  Make sure your anti-virus software is up to date in terms of scan engine and virus definitions.  Have a few anti-spyware applications installed (free versions of these are great - https://www.superantispyware.com/download.html and http://www.malwarebytes.org/mbam-download.php).  Make sure they also have the latest definitions.  Then, restart your computer in safe mode.  In Windows, you hit F8 before Windows starts and you should be prompted with a menu of how to start Windows.  You'll want to start in Safe Mode with no networking.  From there, kick off your anti-virus software and let it run a full scan making sure it checks everything (system files, sub folders, all extensions, etc.).  Then, run the anti-spyware apps also.

If you log into the hacked email from work or any other machine, you'll want to have those machines scanned also.  Make sure all patches for Windows are up to date.

It's not our primary email acct, my wife created it a while back as a wedding email blast...(it spammed our florist)  I don't believe we use it to register for any site, financial nor social.  I haven't clicked on any suspicious links, emails..  I have malaware and ad-aware, and my virus check is Avast... gonna do the safe mode thing you mentioned just to be cautious... other sources that can check the account are two iPhones and an iPad.. could that be a problem?  When I looked into the log-in activity from Yahoo, the Mexico source was from Yahoo Mobile which is from a cellphone source?  Our log-in activity is thru browser...
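The check the poster did by eye on Yahoo's login activity page (a Mexico login via a mobile client on an account normally used from a browser) can be automated. This is an added example, not part of the thread; the record layout, the `warmup` parameter and every row except the Mexico one are assumptions.

```python
# Constructed sample of a webmail "recent login activity" list. Only the
# MX / mobile row mirrors what the thread reports; every other row, the
# 192.0.2.x documentation addresses and all timestamps are made up.
LOGINS = [
    {"time": "2020-01-01T08:12", "country": "US", "client": "browser", "ip": "192.0.2.10"},
    {"time": "2020-01-03T19:40", "country": "US", "client": "browser", "ip": "192.0.2.10"},
    {"time": "2020-01-05T07:55", "country": "US", "client": "browser", "ip": "192.0.2.44"},
    {"time": "2020-01-09T21:03", "country": "US", "client": "browser", "ip": "192.0.2.10"},
    {"time": "2020-01-12T03:17", "country": "MX", "client": "mobile", "ip": "189.153.115.17"},
    {"time": "2020-01-12T18:30", "country": "US", "client": "browser", "ip": "192.0.2.10"},
]


def flag_unusual(logins, warmup=3):
    """Return (entry, reasons) for logins that break the account's habits.

    The first `warmup` logins only build the baseline. After that, a country
    or client type never seen before is reported, and a reported login is
    not added to the baseline, so it cannot make itself look normal.
    """
    seen_countries, seen_clients = set(), set()
    alerts = []
    for index, entry in enumerate(sorted(logins, key=lambda e: e["time"])):
        reasons = []
        if index >= warmup:
            if entry["country"] not in seen_countries:
                reasons.append("new country " + entry["country"])
            if entry["client"] not in seen_clients:
                reasons.append("new client " + entry["client"])
        if reasons:
            alerts.append((entry, reasons))
        else:
            seen_countries.add(entry["country"])
            seen_clients.add(entry["client"])
    return alerts


if __name__ == "__main__":
    for entry, reasons in flag_unusual(LOGINS):
        print(entry["time"], entry["ip"], "; ".join(reasons))
```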
 
There could be many ways that they could've gotten into your account.  They could've somehow compromised Yahoo (not likely) and that would be out of your control.  The best you can do is be cautious and run routine antivirus/antispyware scans.  Make sure to have a firewall up.  Be extra careful at public hotspots (like Starbucks or hotels).
 
I work in IT and it's scary how easy it is to hack into anything with a password. There are several common methods, even 12-year-old kids can do these.

1) Brute force attack - a simple script that will simply keep logging into your account with different combinations of letters until it hits yours. This is especially easy with dictionary words, as the scripts can locate those combinations very quickly. They will just try and try and try over again until they get in.

2) Malware - You may have downloaded an application to your desktop or phone, and the application was infected with a trojan horse, which was sniffing your keystrokes, and then uploading them remotely to the hacker.

3) Phishing - even if you swear you weren't logging into any unprotected websites with a password, even rolling over stupid ads is enough to activate controls on your browser and infect you.

4) Shoulder watchers - you know with the iPhone it doesn't screen your letters as you type them until after a few seconds. The number pad is also easily readable. There are stalkers in public places who will just cozy up behind you and you will never know it, either filming your keystrokes with a camera or more commonly just watching you put them in.

5) A soft target website - Maybe you signed up for some casual hobby forums, and you use the same password EVERYWHERE. Well, the webmaster for that site didn't encrypt his passwords in the database, or he was storing master passwords in clear text on his server. Once the hacker finds that master password, he has access to EVERYTHING in the database, including your password, which you use everywhere. So now that he has your password, and your email, he's going to make the rounds on all the top sites - PayPal, eBay, Amazon, email accounts, everything, and see what he has access to. This only takes 15 minutes as it is all scripted, so he just plugs in your password and the script does all the work for him.

6) Port sniffers - Those connecting their computer direct to the internet, with no firewall, and not behind a router, are the most vulnerable. Again, the hacker simply has an automated script that just goes out and scans for open ports on your computer, until he finds an open one. Consider it a back door. Once he's in, he can do fun stuff like start keylogging, and then get your password straight from the source.

All these techniques are very common and easy to do. The programs do all the work so it's not like Hollywood where some super genius is typing madly into the keyboard with some rocket science Einstein algorithms, he's just downloading common hacker tools that are out there.

Nobody wants to hear this, but it's just like your front door. If someone REALLY wants in, they will get in, it's stupid easy. What you want to do is make it so annoying for anyone trying, that they just get bored and move on to something softer.

My money market account makes you verify a code over the phone, if they don't recognize the computer you're logging in from. It is annoying at first, but I am really glad that they do it.

The password security model is really busted, and in need of modernization. Not trying to scare anyone, but we all need to make sure we aren't taking anything for granted, and follow the simple steps that can cut down 90% of the hacks. Simply changing your password every 90 days, making sure it has an upper case letter and a number in it, that it's not a dictionary word, making sure your firewall is on, keeping your PC updated with the latest patches, will stop most of it.

There are some websites I use a "soft" password that is easy for me to remember, that I could care less about getting hacked on. Those I pretty much expect that if and when someone does get in, there's nothing I care about them having anyway.
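Point 5 in the post above (the "soft target" site that keeps passwords in clear text) comes down to what a stolen copy of the user table reveals. This is an added example, not part of the thread: it puts cleartext storage beside salted PBKDF2 hashing from Python's standard library. The dict-as-database, the function names, the iteration count and the sample password are all assumptions.

```python
import hashlib
import hmac
import os

ITERATIONS = 600_000  # assumed work factor for PBKDF2-HMAC-SHA256


def store_plaintext(db, user, password):
    """The soft target: anyone who copies the table has every password."""
    db[user] = password


def store_hashed(db, user, password):
    """Keep only a per-user random salt and a slow salted hash."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    db[user] = (salt, digest)


def verify(db, user, attempt):
    """Recompute the hash with the stored salt; compare in constant time."""
    salt, digest = db[user]
    candidate = hashlib.pbkdf2_hmac("sha256", attempt.encode(), salt, ITERATIONS)
    return hmac.compare_digest(candidate, digest)


def exposed_by_dump(db):
    """Passwords readable directly from a stolen copy of the table."""
    return [value for value in db.values() if isinstance(value, str)]


if __name__ == "__main__":
    reused = "Tr0ub4dor-example"          # constructed password, reused by two users
    weak, strong = {}, {}
    for user in ("alice", "bob"):
        store_plaintext(weak, user, reused)
        store_hashed(strong, user, reused)
    print("cleartext table exposes:", exposed_by_dump(weak))
    print("hashed table exposes:   ", exposed_by_dump(strong))
    print("same password, same stored value?",
          strong["alice"][1] == strong["bob"][1])
```

Because each user gets a different salt, two accounts with the same password store different values, and a stolen hashed table has to be guessed one account at a time.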
 
Great info icey.

To add, be careful of fakeAV.  Those are basically popups from some sites that you visit.  They make them look like security warnings that you'd get from your anti-virus program.  The problem is that when you click to "clean" the fake infection, you're actually downloading malware and installing it on your machine.  At this point, they try to trick you into purchasing their anti-virus program.  Their fakeAV basically removes the malware you just installed from their popups.  Some of these are really hard to remove and some might require a wipe/reinstall of your machine.

Social engineering is another thing to be aware of.  That involves phishing such as those emails that tell you you need to reset your password for some site or to verify that your account is up to date by emailing back your personal information.  Never do that.  No legitimate site will ever ask you to email them your password or any sensitive information.  If you are unsure about a link, type in the address yourself into the address bar.

In regards to passwords, length usually trumps complexity.  So passwordpassword1 is harder to crack than p@$$w0rd.

It's a pain and my wife laughs at me, but I use a password vault to keep all of my passwords for my online accounts.  They are so ridiculous that there's no way I've memorized any of those randomly generated 20 character passwords.  When I need to access one of my accounts, I copy/paste the password into the login.  The password vault also helps store the URL for sites since I sometimes forget the correct URL.  It also helps to store my login account as I don't remember them for the rarely used sites I access.  This is what I use --> http://keepass.info/.  It's free and open source.  It has strong encryption.
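The two passwords compared in the post above, and the 20-character vault passwords it describes, can be put side by side. This is an added example, not part of the thread: an exhaustive-search estimate from length and character set, plus a check for passwords built only from wordlist entries. The three-word list, the substitution table and the function names are assumptions.

```python
import math
import secrets
import string

WORDS = {"password", "qwerty", "letmein"}      # tiny constructed wordlist
UNLEET = str.maketrans("@$03", "asoe")         # undo common substitutions
VAULT_ALPHABET = string.ascii_letters + string.digits + string.punctuation


def brute_force_bits(pw):
    """log2 of the exhaustive-search space implied by pw's length and charset."""
    pool = sum(size for chars, size in (
        (string.ascii_lowercase, 26), (string.ascii_uppercase, 26),
        (string.digits, 10), (string.punctuation, 32),
    ) if any(c in chars for c in pw))
    return len(pw) * math.log2(pool) if pool else 0.0


def built_from_words(pw, words=WORDS):
    """True if pw is only wordlist words, after undoing substitutions and
    dropping trailing digits; such passwords fall to dictionary guessing."""
    text = pw.lower().rstrip(string.digits).translate(UNLEET)
    reachable = [True] + [False] * len(text)
    for end in range(1, len(text) + 1):
        reachable[end] = any(
            reachable[start] and text[start:end] in words for start in range(end)
        )
    return bool(text) and reachable[-1]


def new_vault_password(length=20):
    """Random password of the kind a vault generates and stores for you."""
    return "".join(secrets.choice(VAULT_ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for pw in ("passwordpassword1", "p@$$w0rd", new_vault_password()):
        print(f"{pw!r}: {brute_force_bits(pw):.1f} bits, "
              f"dictionary-based={built_from_words(pw)}")
```

The longer password wins on exhaustive search, but both of the thread's examples reduce to a wordlist entry, which is the case the randomly generated vault password avoids.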
 
This thread just made me activate 2 step verification for email. I wish they offered this through my bank as well.
 