My Yahoo email address "hacked" ?

[CuriousMike]

Evidently, "I" sent an email to everyone in my contact list.

"Hey
How are you doing? I ordered one white 3gs apple iphone from <www naroyt188 DOT COM> , much cheaper but brand new ,genuine . It can offer so many kinds of electronic products which you may be in need,such as laptops, gps, TV, cell phones, ps, MP3/4 and etc..
Cheers "

It even shows up in my "Sent" folder in Yahoo.

How could this happen?

To my mind, they'd have to have my password... perhaps that's either uber-obvious or I'm very naive.

For the time being, I've changed the passoword on my YIM account ( they didn't bother to change it themselves).

 

[Spacehead]

Same thing happened to my nephews wife about 2 weeks ago. I don't know if the message was the same as i didn't read it.
I received 3 or 4 emails from her account with no subject all on the same day & then a legit email from her saying what had happened & just delete them.
I hadn't checked my emails in several days so i ended up receiving all of them on the same day.

I can't help you on the "how they did it" part but it seems there's a trend here.

 

[MrColin]

how complex was your password? Do you ever use public wifi without vpn?

I've seen articles on distributed brute force cracking systems that can be on various zombie machines across the net. Black cloud computing if you will.

Also, there was a file floating around with about 25,000 passwords for mostly hotmail but gmail and others too. The list was alphabetical and ended fairly early in the alphabet suggesting it was only part of a larger list. With that many username passwords availabe in one place people started looking into statistical analysis of the passwords chosen by the users in the list.

The most common one I remember reading was "123456," was that your password?

The fact that your wife got hit too suggests that a computer you share is compromised or perhaps you both got your passwords sniffed while using wifi somewhere.

A lot of people don't realize that ssl, md5, WPA, and WPA2 are currently crackable using publicly available freeware.

 

[CuriousMike]

how complex was your password?
The fact that your wife got hit too

My password complexity would meet "medium" for strength.

My wife did not get hit... I must have been unclear. As she was part of my address book, she was sent the mail.

We do not use WiFi at our house.

One thing I do that is stupid is:
When I sign up for a new forum where they ask for an email address, I'll supply them my Yahoo email address, and I use the same password for all my forums as I do for my main Yahoo password.
The above is what makes me ( a dork ) suspicious about a few new forums I've signed up with.

Dunno.

 

[Modelworks]

My password complexity would meet "medium" for strength.

My wife did not get hit... I must have been unclear. As she was part of my address book, she was sent the mail.

We do not use WiFi at our house.

One thing I do that is stupid is:
When I sign up for a new forum where they ask for an email address, I'll supply them my Yahoo email address, and I use the same password for all my forums as I do for my main Yahoo password.
The above is what makes me ( a dork ) suspicious about a few new forums I've signed up with.

Dunno.

Never use the same password on a bunch of sites.
I use a password manager that stores all keys encrypted locally, it generates passwords for the sites that are really complex like : oÑ+͹?¤¢?Wl¸ºq/
Ones like that use ascii characters and are really hard to generate with a keyboard and guessing with brute force would take forever.

Keepass is free and works on most OS.
http://keepass.info/

 

[Spacehead]

Just got an email from my nephew that his Yahoo account was hacked also, though i haven't received any of the spam emails from his account. So that's both him & his wife now

As far as i know they don't have WIFI at their house & no idea how strong their passwords are.

 

[Aztech]

My Yahoo! Account sent out viagra spam to everyone in my contacts list...twice now. A full system scan with Symantec finds nothing. I'm just starting to read about this using Google, I'm certainly not alone...

 

[Ms. DICKINSON]

No worries, it's a bot that sniffs through you contact list and do mass emailing.