
dizmayed

join:2013-02-07
Oakland, CA

Uverse: email addresses hacked twice?

Hi:

We're switching from xISP to Uverse Max. One household member has had the same pacbell.net address for ten years, usually connected via xISP to yahoo mail. Never a "hacking" problem.

During the past week we've connected via Uverse on only two occasions for a few hours each (usually still been using xISP for various reasons). Pacbell.net user accessed yahoo web mail client as before. Yahoo mail client was a bit different than before ("powered by ATT").

During those short time periods her yahoo email client sent spam to everyone in her address book. She uses Mac OSX. Email password has never changed.

Did I explain this properly? Any idea why this "hack" happened to occur twice during these two short Uverse periods?

Thx, dizmayed



NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:11

There was some service, acquired by Yahoo! not too far back, which was compromised. Many Yahoo! users of that service were affected; but it was not related to U-verse.

Yahoo! Voices:

»Nearly Half a Million Yahoo Passwords Leaked

Plus more about Yahoo! accounts:

»/nsearch?board···l+hacked

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


Frodo

join:2006-05-05
kudos:1
reply to dizmayed

said by dizmayed:

Hi:
Did I explain this properly?

It was good, as far as it went. One thing I was wondering is, was the sent spam showing in the sent email folder? If so, the web email client sent it. If not, could be the address book information was acquired along with your email address, and it was sent externally, with your email address spoofed.

When you say "web mail client" I guess that means some kind of email access in a browser? If so, does the problem occur when a different browser is used? I wonder whether there is something running in that first browser lying in wait for you to access email, that saw the access when the AT&T thing was showing.

But, it's a jigsaw puzzle, and not enough pieces to get a clear picture of what is going on.

dizmayed

join:2013-02-07
Oakland, CA

Thx NormanS for that history and the links to an earlier thread. I'll look thru them.

Frodo: good questions. Yes, the e-mails appeared in the sent folder. By "client" I meant the Yahoo mail site Ruth has used for years. Browser is Safari, on Ruth's up-to-date Mac. Haven't tried other browsers.

Why this hack occurred twice during two short Uverse connections certainly puzzles me. Never happened in past ten years. Ruth changed pw to something different, stronger.

HTTP vs HTTPS: Lastly, I noticed that when Ruth gets mail, she goes to a slightly different looking Yahoo site than pre-Uverse ("Powered by ATT"). The URL begins with ». I notice my Gmail URL begins with ».

Is that impt?

She's been connected for about 24h now and no further problems.

dizmayed



NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:11

said by dizmayed:

HTTP vs HTTPS: Lastly, I noticed that when Ruth gets mail, she goes to a slightly different looking Yahoo site than pre-Uverse ("Powered by ATT").


Regular free Yahoo! Web mail.

Former AT&T, converted to free Yahoo! Web mail.

Both accounts were accessed using 'mail.yahoo.com'. The first is in the 'yahoo.com' domain while the second is 'pacbell.net'. Because I can't use official AT&T member access, now that I am no longer an AT&T DSL customer, I have to access through the regular Yahoo! page.

The URL begins with ». I notice my Gmail URL begins with ».

Is that impt?

For some people, yes. But probably not related to what happened.

In fact, based on the information you provided, there is no unique, definitive explanation. If she ever used Yahoo! Voices within a window of time just after Yahoo! acquired Voices, her password might have been leaked. If she had a weak password, it might have been cracked (such happened to my aunt). Or if she was ever "phished". With most U.S. ISPs, especially the largest ones, blocking outbound port 25, spammers can't use compromised residential computers to send direct to domain MX servers. Their latest technique is to impersonate an ISP mail service, and claim that the user must prove their account is still active by providing the login details. Then there are keyloggers; and more.

Some can be ruled out, but there is still insufficient data to zero in on a specific explanation.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum