

antdude
A Ninja Ant
Premium,VIP
join:2001-03-25
United State
kudos:5
Reviews:
·Time Warner Cable

3 recommendations

Yahoo Mail compromised

»yahoo.tumblr.com/post/7508353231···il-users from »betanews.com/2014/01/30/yahoo-ma···anymore/ and »arstechnica.com/security/2014/01···d-reset/ ...
--
Ant @ AQFL.net and AntFarm.ma.cx. Please do not IM/e-mail me for technical support. Use this forum or better, »community.norton.com ! Disclaimer: The views expressed in this posting are mine, and do not necessarily reflect the views of my employer.


DrStrange
Technically feasible
Premium
join:2001-07-23
West Hartford, CT
kudos:1

2 recommendations

So, Yahoo is still blaming third parties for their servers being vulnerable to large-scale data theft? Or was it really a third-party breach this time?

I've seen many people's Yahoo, AOL and Hotmail accounts hijacked to send spam and/or malware several times in the past. The most frequently hijacked accounts, by far, were Yahoo Mail. It wasn't just isolated occurrences then, either. Before that, there were spam posts in Yahoo mailing lists from 'shadow' accounts that list-owners couldn't ban or block. Even then, I suspected that someone [other than NSA] had compromised the 'back end' of Yahoo. Eventually my suspicions were confirmed:
»arstechnica.com/security/2012/07···-hacked/

Hopefully they catch the perps this time. If it turns out they're out of the country, I recommend Predator drone strikes [only somewhat in jest].

In the meantime I'll continue to advise customers, friends and anyone else who will listen to keep sensitive data far away from Yahoo.

davidhoffman
Premium
join:2009-11-19
Warner Robins, GA
kudos:3
reply to antdude
I have att.net, but at the top of the e-mail GUI it shows both the AT&T Globe and Yahoo in the upper left corner. Do you know if this e-mail issue affects AT&T e-mail users? I have not gotten an e-mail from att.net telling me anything is wrong at this time.


nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse
I'm in a similar situation.

I think we are safe, but I would like confirmation from somebody who knows for sure.

My understanding is that ATT has the password, and Yahoo doesn't. To log in to Yahoo, it contacts ATT to validate the password. If I'm correct, then there's only a problem when ATT is hacked.
--
AT&T Uverse; Buffalo WHR-300HP router (behind the 2wire gateway); openSuSE 13.1; KDE 4.11.4; firefox 26.0


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC
said by nwrickert:

My understanding is that ATT has the password, and Yahoo doesn't. To log in to Yahoo, it contacts ATT to validate the password. If I'm correct, then there's only a problem when ATT is hacked.

It has been a long while since I updated my passwords. I decided it was probably time. I still have a couple of '@pacbell.net' accounts, though I am no longer with AT&T. They required me to log in through an AT&T site to effect a password change. My ancient Yahoo! Mail account was changed on the Yahoo! site. I don't know if that is helpful.

OTOH, there are additional measures available through both services to enhance recoverability; don't know if that makes things more secure. But every verified, non-Yahoo! email address on each account I modified received an email notice of the changes I made.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


planet

join:2001-11-05
Oz
kudos:1
Sorry, NVM


EGeezer
zichrona livracha
Premium
join:2002-08-04
Midwest
kudos:8
Reviews:
·Callcentric

1 edit

2 recommendations

reply to antdude
I'm not surprised at this discovery. About half of the "low mortgage rates/enhance your ..." spam I get comes from Yahoo mail servers.

Yahoo doesn't even accept reports from Spamcop, so all that may happen is Yahoo being blocked by servers using Spamcop lists.

But a significant issue is raised in the Betanews article:

"However, the real question is, why would a third party be storing the credentials of Yahoo users? When a user establishes a username and password with Yahoo, the expectation is that it is not shared outside of Yahoo. The company has some explaining to do."



Yes, indeed, they have some explaining to do. In the end, Yahoo is responsible for defining the contractual security requirements of their third-party authentication systems - if that's where the breach really occurred.

--
»www.flickr.com/photos/egeezer/


Dude111
An Awesome Dude
Premium
join:2003-08-04
USA
kudos:13

1 edit
reply to antdude

Yahoo sucks......

My acct hasn't worked in months and it's apparent THEY AREN'T GOING TO FIX IT!!!!!!

They don't give a crap about anyone.. Their stuff keeps getting worse....I wouldn't be surprised if they just shut down!!


Snowy
Premium
join:2003-04-05
Kailua, HI
kudos:6
Reviews:
·Time Warner Cable
·Clearwire Wireless

1 recommendation

reply to antdude

Re: Yahoo Mail compromised

I'm no fan of ymail, some of their recent decisions have alienated me but I do believe this is not about a ymail hack.
scross's post explains the alternate possibility.
»Re: Credit card data breach at Target


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC

1 recommendation

reply to EGeezer
said by EGeezer:

About half of the "low mortgage rates/enhance your ..." spam I get comes from Yahoo mail servers.

I can't say that I have seen spam from Yahoo! servers. Most of the spam I have received seems to come from compromised residential hosts; much of the rest from paid spam services; especially for domains registered with Big Rock, or protected by WhoisGuard.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


carpetshark3
Premium
join:2004-02-12
Idledale, CO
Reviews:
·CenturyLink
My Yahoo accounts are for those I think might spam. No contacts listed. I've seen some spam, but since I don't have a profile, as far as Yahoo is concerned I'm an alien from Polaris. A lot of the spam is stuff I used to be interested in, but no longer want. Too lazy to get off mailing list.

BTW, I can get the simple service with no extras. I don't use the updated or whatever the hell they call it mail.

So far, I haven't been told to change password.