Enough about that. Now to my case. First understand my profile. I manage a large number of online identities through my Yahoo account. Some of them public, some of them private. This is the first security issue. Should I have a centralised account for all of them, or should I have kept them sealed off from each other? No, that would be too complicated. After all I was doing NOTHING illegal. Oh, that is if you do not take into account cyberlaws that say it is illegal to assume a false identity. So what if my "fat_ugly_middle_aged" id on Yahoo is not a perfect description of me. We all know I am in reality handsome, well proportioned and young... but it certainly is not unethical.
So imagine my shock when I found I couldn't log into my Yahoo account. The social engineering approach is probably the most used approach to crack a web account. I did a search on Google to see what to do. Most people said it's not worth following up with Yahoo to get it back. But I owed it to people who were using my Yahoo Groups!
So write, I did.
And YAHOO responded!!! When I explained my case, they wrote back to say that they had reset the password. It took a while. Which is good...it means any potential hacker will also take a while. But what I had not realized is that our wily friend (??) had added some email ids to the ones I had. So when the password was changed the notice went to all ids including the fake ones he had created. He was prompt in changing it back. But all it took was dogged persuasion. It took me about 10 days to get my account back. But I guess it could have been done in a week.
In the meantime I sent an email to my own mail id. I first sent a hi...and got a response also saying hi...then I wrote the mail reproduced below. I didn't get a response, but once I got my mail account back, I saw it was read. I guess it rattled the fellow and I knew he wouldn't fight too hard to retain control.
Dear Mathai,
I am glad I finally get to talk to you directly. I don't know if you know about it, but you have crossed over from being a harmless prankster to being a criminal. Identity theft is a crime, and if you are caught you could lose your job, as well as spend time in jail. It doesn't matter whether you have caused financial losses or not. Are you sure you want to be in this position? Let me know what you feel either way :)
The Other Mathai
Finally Yahoo sent a link to reset the password directly to my secondary account (which was not registered at the time).
So what can you do to prevent social engineering?
1. Never Speak The Truth:
If your security question asks for your mother's maiden name, DO NOT write the truth. Remember this is not a passport verification. Write something else. At least MIS-SPELL the name. But then the catch is you must remember this. Remember, if you are online, there is a lot of data about you floating around.
2. Give a secondary email address
Though often not mandatory, when the hack happens you will wish you had done it. So might as well do it now.
3. When it happens, respond swiftly.
When your account is hacked, it will take some time to get it back. Put in the time. Or put someone on it...someone you trust. Don't delay.
There is a greater issue of whether we should have one centralized id or use multiple. That's a choice you will have to make. I don't believe a company like GOOGLE / GMAIL or MICROSOFT will use my personal data to somehow blackmail me individually. Hence I have no problems with trusting them with personal information. But then again I know people who spend their lifetime trying to keep some small petty thing a secret.
RETRIBUTION:
So what attempt did I make to catch the culprit? Virtually none. I know he will read this article as soon as it goes up. That is retribution enough for me. Once there was an email that went around foul-mouthing certain faculty at XLRI. I traced it back to one of five accounts. I then sent an email to all five saying... I DON'T WANT TO... follow this up. But whoever does these things should know that you are far from invisible on the internet... as the recent terrorists found out.