
mattrixx

join:2004-02-18
Orland Park, IL

E-Mail "Contact List" Hack

Not sure if this is the correct forum for my gripe, but what is going on with AT&T, Yahoo, SBC Global etc. E-Mail vulnerability?

Everyone I know (including me) with these mail accounts have had their personal contact lists "hacked" somehow, with SPAM being sent out to everyone on their list, as if coming from the unfortunate "hacked" party!
The end result is what I call a "circle jerk" of spreading chaos by people opening E-Mails from known friends and colleagues.

As far as I can tell, this "hack" is accomplished by opening up E-mails without ANY attachments! And it seems to be stemming from ATT Yahoo accounts?
The only known solution is to change your E-Mail Password after the fact! Today the hacker is sending out SPAM, but with the user's Password in hand, what will he do with it tomorrow?

Can something be done to prevent or avoid further attacks? Anti-Virus and Anti-Malware Programs can't seem to deal with this problem and the ISP is clueless!


Krisnatharok
Caveat Emptor
Premium
join:2009-02-11
Earth Orbit
kudos:7

What does AT&T have to do with this? Are you opening up your Yahoo mail from an AT&T phone? I think the culprit would be an infected app or you clicked on a link that downloaded malware to the phone.

If this is on your desktop, I would head over to the PC Cleanup forum and follow the steps there to attempt to rid yourself of a PC keylogger.
--
If we lose this freedom of ours, history will record with the greatest astonishment, those who had the most to lose, did the least to prevent its happening.



pcdebb
RIP dadkins
Premium
join:2000-12-03
Brandon, FL
kudos:5
Reviews:
·RoadRunner Cable

reply to mattrixx
The ISP is not clueless. You have to do more than just open an email, and an attachment is not needed. But the link within has the trigger to make the dirty deeds happen.

Blame the person that is clicking the links, not AT&T or Yahoo
--
| map your city |



nwrickert
sand groper
Premium,MVM
join:2004-09-04
Geneva, IL
kudos:7
Reviews:
·AT&T U-Verse

reply to mattrixx

said by mattrixx:

Everyone I know (including me) with these mail accounts have had their personal contact lists "hacked" somehow, with SPAM being sent out to everyone on their list, as if coming from the unfortunate "hacked" party!

That has not happened to me.

I agree with others - it is probably a link that was clicked in an email.
--
AT&T Uverse; Zyxel NBG334W router (behind the 2wire gateway); openSuSE 12.1; firefox 12.0

Whip

join:2009-01-23
Califon, NJ

reply to mattrixx
It is a yahoo issue as my contacts were harvested through messenger which I never use anymore. I do not click links nor give out passwords. I found out someone was logging into my messenger while looking through 'account info' and then 'view your recent sign-in activity'. I had found IPs from countries like Vietnam, Thailand in there. They never ever went into the mail account.


mattrixx

join:2004-02-18
Orland Park, IL

reply to Krisnatharok
NO phone, just desktop use.
OK, I will follow your advice and visit the PC Cleanup Forum.
BTW, I have run current updated AVG 2012 (Free), Malwarebytes, Super Anti-Spyware etc. and each has found nothing!

So you're saying in effect, changing one's Password is not enough to resolve this E-Mail "hack" problem because of the possibility of a "PC keylogger" that's still hidden somewhere on my system?
And this is a result of just clicking on a link? Funny my ISP representative never said a word about anything other than changing the Password!

Thanks for any further insight into this.



Krisnatharok
Caveat Emptor
Premium
join:2009-02-11
Earth Orbit
kudos:7

reply to Whip

said by Whip:

It is a yahoo issue as my contacts were harvested through messenger which I never use anymore. I do not click links nor give out passwords. I found out someone was logging into my messenger while looking through 'account info' and then 'view your recent sign-in activity'. I had found IPs from countries like Vietnam, Thailand in there. They never ever went into the mail account.

How do you know you weren't hacked? Why blame Yahoo that someone guessed/got your password?
--
If we lose this freedom of ours, history will record with the greatest astonishment, those who had the most to lose, did the least to prevent its happening.

Whip

join:2009-01-23
Califon, NJ

said by Krisnatharok:

said by Whip:

It is a yahoo issue as my contacts were harvested through messenger which I never use anymore. I do not click links nor give out passwords. I found out someone was logging into my messenger while looking through 'account info' and then 'view your recent sign-in activity'. I had found IPs from countries like Vietnam, Thailand in there. They never ever went into the mail account.

How do you know you weren't hacked? Why blame Yahoo that someone guessed/got your password?

How would they even know where to begin? It was alpha-numeric. I know I, personally, wasn't if that's what you are implying. I have been reading forums like this for years so I know not to just randomly click anything. Why does it always have to be user error and not vulnerabilities in the system? Are you saying that everyone that had their credit card info stolen in both of the fairly recent processor hacks are themselves responsible somehow?

mattrixx

join:2004-02-18
Orland Park, IL

The desktop computer that I opened my questionable E-Mail link happens to be a dual boot system.
I am fairly certain I opened this latest link while in Linux MINT Operating System.
I have been using the newly released MINT13 Maya much more recently than Windows 7.

Since a LINUX O.S. is by its nature pretty much more secure and/or ignored by hackers,
I have a hard time believing I was hacked via conventional means.
So either I was infected from a previous E-Mail link while in Win7, OR the problem is not emanating from a compromised Windows, but more likely from an ATT/Yahoo issue?


MGD
Premium,MVM
join:2002-07-31
kudos:9

reply to mattrixx

said by mattrixx:

Not sure if this is the correct forum for my gripe, but what is going on with AT&T, Yahoo, SBC Global etc. E-Mail vulnerability?
.....
........
Can something be done to prevent or avoid further attacks? Anti-Virus and Anti-Malware Programs can't seem to deal with this problem and the ISP is clueless!

This has been a recurring issue for some time. In the past there was a rash of victim accounts where everyone in their address book was spammed with links for Chinese knock-off products' websites. The support forums for both Yahoo and Microsoft live/hotmail were flooded with complaints of compromised accounts. Several reports of compromised accounts came from knowledgeable users who used complex passwords unlikely to be compromised via brute force.

I doubt that your PC has been compromised. If you use an email client, turn previewing off. When you log in to a webmail account, do so in a single web browser session, and make sure to log out as soon as you are finished reading and/or sending email. Do not stay logged in to your email account when browsing the web. Make sure that auto displaying/downloading of images from non trusted senders is off. The best strategy is to practice risk mitigation.

There are still ongoing issues with accounts compromised via session cookie hijacking. There are numerous internet postings on email session cookie stealing, e.g.:

Reference: »cyberprotector.blogspot.com/2012···ing.html

MGD
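
Added example, not part of the original post: a minimal server-side session table in Python showing why the "log out when finished" advice above shortens the exposure window of a copied session cookie. The `SessionStore` class, the 15-minute idle timeout and the assumption that logout invalidates the session on the server are all hypothetical, not a description of Yahoo's implementation.

```python
import secrets

IDLE_TIMEOUT = 15 * 60  # seconds; assumed value for this sketch


class SessionStore:
    """Hypothetical server-side session table keyed by the cookie value."""

    def __init__(self):
        self._sessions = {}  # token -> (user, last_seen)

    def login(self, user, now):
        token = secrets.token_urlsafe(32)  # unguessable bearer token
        self._sessions[token] = (user, now)
        return token

    def authenticate(self, token, now):
        """Return the user for a presented cookie, or None if it is dead."""
        entry = self._sessions.get(token)
        if entry is None:
            return None
        user, last_seen = entry
        if now - last_seen > IDLE_TIMEOUT:
            del self._sessions[token]  # expire idle sessions
            return None
        self._sessions[token] = (user, now)  # any use slides the timeout
        return user

    def logout(self, token):
        # Explicit sign-out deletes the server-side record immediately.
        self._sessions.pop(token, None)


def replay_window(logs_out):
    """Present the same cookie value from a second holder at three times."""
    store = SessionStore()
    cookie = store.login("alice", now=0)
    copied = cookie  # a bearer token: the server cannot tell holders apart
    results = [store.authenticate(copied, now=60)]
    if logs_out:
        store.logout(cookie)
    results.append(store.authenticate(copied, now=120))
    results.append(store.authenticate(copied, now=120 + IDLE_TIMEOUT + 1))
    return results


if __name__ == "__main__":
    print("signed out:   ", replay_window(True))
    print("stayed signed in:", replay_window(False))
```

Without a sign-out, the copied value stays valid for as long as anyone keeps using it, because each request resets the idle timer.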


shearer
Northern Lights
Premium
join:2002-06-18
Asia

reply to mattrixx

said by mattrixx:

Everyone I know (including me) with these mail accounts have had their personal contact lists "hacked" somehow, with SPAM being sent out to everyone on their list, as if coming from the unfortunate "hacked" party!

My Yahoo account fell victim to this a few days ago. Caught me by surprise. My OS is clean, I practise "safe hex", etc.
Spam was in my "Sent Items" but originating IP is from another country.
Yahoo login history only shows my own IP.

I highly suspect session cookie hijacking -or- Yahoo smtp vulnerability as the culprit.

These folks also appear to run into the same scenario here:
»security.stackexchange.com/quest···nd-spams
»help.yahoo.com/communities/index···ef3cb537
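
Added example, not part of the original post: a Python triage sketch for the check described in this thread, comparing the originating IP recorded in each Sent message against the account's sign-in history. The `X-Originating-IP` header name, the sample messages and the addresses (documentation ranges) are constructed assumptions; use whatever origin header your provider actually records.

```python
import ipaddress
from email import message_from_string

# Constructed sample data: exported sign-in history and three Sent messages.
SIGN_IN_HISTORY = {"198.51.100.24"}
SENT_MESSAGES = [
    "X-Originating-IP: [198.51.100.24]\nSubject: lunch?\n"
    "To: bob@example.com\n\nNoon works.\n",
    "X-Originating-IP: [203.0.113.77]\nSubject: hi\n"
    "To: bob@example.com, carol@example.com\n\nhttp://example.invalid/\n",
    "Subject: no header\nTo: bob@example.com\n\nbody\n",
]


def originating_ip(raw_message, header="X-Originating-IP"):
    """Return the normalised origin IP from the header, or None."""
    value = message_from_string(raw_message).get(header)
    if value is None:
        return None
    try:
        # Webmail providers commonly wrap the address in square brackets.
        return str(ipaddress.ip_address(value.strip().strip("[]")))
    except ValueError:
        return None  # malformed header value: treat as missing


def triage(sent_messages, sign_in_ips):
    """Label each Sent message by whether its origin IP ever signed in."""
    known = {str(ipaddress.ip_address(ip)) for ip in sign_in_ips}
    report = []
    for raw in sent_messages:
        subject = message_from_string(raw).get("Subject", "")
        ip = originating_ip(raw)
        if ip is None:
            verdict = "no-origin-header"
        elif ip in known:
            verdict = "matches-sign-in"
        else:
            verdict = "not-in-sign-in-history"
        report.append((subject, ip, verdict))
    return report


if __name__ == "__main__":
    for row in triage(SENT_MESSAGES, SIGN_IN_HISTORY):
        print(row)
```

A message labelled `not-in-sign-in-history` was submitted from an address that never appears as an interactive login, which is the mismatch reported above and worth including when reporting the incident to the provider.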


carpetshark3
Premium
join:2004-02-12
Colorado Springs, CO

I deleted my contacts from Yahoo years ago. It was out of spite. Yahoo was bugging me about setting up chat. No one I know will get Yahoo spam from me. I think my address might have been used, but not to much purpose. I haven't seen any replies about spam from anyone who supposedly got it. I haven't got a public profile much to Yahoo's disgust, either.

I have contacts sitting on the desktop where I can copy and paste.
And the file isn't named "contacts," either.



DrStrange
Technically feasible
Premium
join:2001-07-23
West Hartford, CT
kudos:1

reply to MGD
Thanks for the info on how this is happening.

I'm going to explore the Yahoo Messenger angle as well [anyone know if MSN Messenger would do the same for Hotmail, or AIM for AOL?], the next time I have to troubleshoot this issue.



NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:9
Reviews:
·SONIC.NET
·Pacific Bell - SBC

reply to Krisnatharok

said by Krisnatharok:

What does AT&T have to do with this? Are you opening up your Yahoo mail from an AT&T phone?

AT&T contracts with Yahoo! to provide email services for AT&T users.

Yahoo! mail with AT&T's legacy 'pacbell.net'.


My old 'pacbell.net' accounts are still active, even after I quit using AT&T DSL service. They can be accessed via either IMAP, or the web, using any ISP.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


DC DSL
There's a reason I'm Command.
Premium
join:2000-07-30
Washington, DC
kudos:2
Reviews:
·Covad Communicat..
·Verizon Online DSL

reply to mattrixx
I had wondered about this myself but never got a chance to post the query. Over the last month I have been receiving increasing amounts of spam from people I know who have (or had) Yahoo addresses and are addressed to their address book. It is a certainty that Yahoo was compromised and not just some malware infestation of client computers. I just received 6 messages this morning from an account I created solely for testing a specific development project 5 years ago that no one has used since (I am the only one who has the password and it was never kept online or emailed anywhere. On top of that, the password was part of a GUID which means it couldn't have been simply broken via dictionary or brute force.)

I reported this to Yahoo and all I got was an autoresponder telling me how to report spam and how to identify scam emails, and to contact them if I have any questions. Replying to that addy just got another autoresponder telling me the same thing. Dollars to donuts they know they were hacked and are working on saving face before admitting it.
--
"Dance like the photo isn't being tagged; love like you've never been unfriended; and tweet like nobody is following."



NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:9
Reviews:
·SONIC.NET
·Pacific Bell - SBC

said by DC DSL:

I reported this to Yahoo and all I got was an autoresponder telling me how to report spam and how to identify scam emails, and to contact them if I have any questions. Replying to that addy just got another autoresponder telling me the same thing. Dollars to donuts they know they were hacked and are working on saving face before admitting it.

Based on the post about hijacking session cookies, I wonder if "hack" is the appropriate term?

I have several Yahoo! accounts, from the first, signed up July 7, 1999 to the latest, signed up October 26, 2011. They cover a variety of domains, from the original 'yahoo.com', through the ISP domains ('pacbell.net'), to the "free for all" 'att.net'. None have been compromised.

But I haven't clicked on any dubious links in email. I suppose it also helps that I sign out fully, which shortens the window of opportunity to hijack a session.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


DC DSL
There's a reason I'm Command.
Premium
join:2000-07-30
Washington, DC
kudos:2
Reviews:
·Covad Communicat..
·Verizon Online DSL

said by NormanS:

Based on the post about hijacking session cookies, I wonder if "hack" is the appropriate term?

I have several Yahoo! accounts, from the first, signed up July 7, 1999 to the latest, signed up October 26, 2011. They cover a variety of domains, from the original 'yahoo.com', through the ISP domains ('pacbell.net'), to the "free for all" 'att.net'. None have been compromised.

But I haven't clicked on any dubious links in email. I suppose it also helps that I sign out fully, which shortens the window of opportunity to hijack a session.

No, it's a hack. The account of mine and, as far as I have been able to determine, the dormant accounts of friends had not been accessed in any way for years. The computers I used back then were decommissioned and nothing from them was ported forward. Also none of the people I know whose active Yahoo accounts are spewing were clickjacked or have malware infestations, don't have any Yahoo software, don't use mobile access. So, unless there's some new way of getting account credentials that aren't in any way available on a computer, or aren't being bandied about for unsecured wifi sniffing, this is inside-out access.
--
"Dance like the photo isn't being tagged; love like you've never been unfriended; and tweet like nobody is following."


NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:9

If what you say is true, then it would appear that a Yahoo! employee has violated his trust. Which also isn't "hacking", per se.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum



DC DSL
There's a reason I'm Command.
Premium
join:2000-07-30
Washington, DC
kudos:2

I think a breach from outside is far more likely.



NormanS
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:9
Reviews:
·SONIC.NET
·Pacific Bell - SBC

said by DC DSL:

I think a breach from outside is far more likely.

I would think that an "outside-in" breach would be pretty far-reaching, and affect more users than the handful who have reported this issue.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

Tuesday, 21-May 10:51:57 · © 1999-2013 dslreports.com