Yahoo email accounts are hacked at a ludicrous rate.

GoodEnough

Golden Member
Apr 24, 2011
1,547
19
81
Yahoo email accounts are hacked at a ludicrous rate.
I know someone who has an UNHACKABLE password generator (like lastPass)
Yet, their account has been hacked several times (for spam email)

Do you think someone from the inside is selling acct data ?
 
Last edited:

Homerboy

Lifer
Mar 1, 2000
30,859
4,976
126
Yahoo email accounts are hacked at a ludicrous rate.
I know someone who has an UNHACKABLE password generator (like lastPass)
Yet, their account has been hacked several times (for spam email)


Do you think someone from the inside is selling acct data ?

I don't think you're using the word "UNHACKABLE" correctly.
 

lxskllr

No Lifer
Nov 30, 2004
58,150
8,413
126
I don't think you're using the word "UNHACKABLE" correctly.

Hyperbole. That helps rule out my theory that it was due to less sophisticated users. Curious what Yahoo does/doesn't do that other companies do.
 

waffleironhead

Diamond Member
Aug 10, 2005
6,975
465
136
It want till just recently that Yahoo made me update my password from 5 characters to 6. Feel much safer now.
 

Platypus

Lifer
Apr 26, 2001
31,046
321
136
yahoo's security team is actually pretty solid, this sounds made up or his machine is compromised in some other capacity.

also LOL @ lastpass being unhackable, do some research.
 

ISAslot

Platinum Member
Jan 22, 2001
2,888
107
106
sounds like the spammers spoofed his address. Hacking not found.
 

mmntech

Lifer
Sep 20, 2007
17,501
12
0
also LOL @ lastpass being unhackable, do some research.

Yep, it was hacked a few months ago. Don't think the crooks got anything useful though, but it was a PITA having to go back and change all those passwords.

Crooks can hack my Yahoo Mail account all they like. All they'll see is a crap ton of undeleted spam messages.
 

Kneedragger

Golden Member
Feb 18, 2013
1,187
43
91
I get those spam emails from my brothers Yahoo account all the time. I don't know what he does but it's pretty funny.
 

Charmonium

Lifer
May 15, 2015
10,081
3,222
136
also LOL @ lastpass being unhackable, do some research.
IIRC, lastpass stores your pw's in encrypted blobs so unless there is someway for the hackers to get your masterpassword, which shouldn't be possible, you should be fine. Although it is curious that LP is still telling people to change their master pw.

LastPass has announced on their company blog that they detected an intrusion to their servers. While encrypted user data (read: your stored passwords for other sites) was not stolen, the intruders did take LastPass account email addresses, password reminders, server per user salts, and authentication hashes. The latter is what’s used to tell LastPass that you have permission to access your account.
According to LastPass, the authentication hashes should be sufficiently encrypted to prevent anyone from using them to access your account. However, the company is still prompting all users to update their master password that they use to log in to their LastPass account. If you use LastPass, you should do this immediately. If you share that master password with any other services, you should change it there, too. Finally, if you haven’t enabled two-factor authentication you should do that immediately here.

http://lifehacker.com/lastpass-hacked-time-to-change-your-master-password-1711463571
 

destrekor

Lifer
Nov 18, 2005
28,799
359
126
yahoo's security team is actually pretty solid, this sounds made up or his machine is compromised in some other capacity.

also LOL @ lastpass being unhackable, do some research.

IIRC, lastpass stores your pw's in encrypted blobs so unless there is someway for the hackers to get your masterpassword, which shouldn't be possible, you should be fine. Although it is curious that LP is still telling people to change their master pw.



http://lifehacker.com/lastpass-hacked-time-to-change-your-master-password-1711463571

Platy, not sure what you are implying or suggesting here.
Lastpass is actually phenomenal. They have to be a pretty damn big target, and yet nobody has gotten anything of import from their servers. I think they've implemented their hashes and salts spectacularly.


Also, I think the OP was referring to a password generated using Lastpass to be "unhackable" - which is nonsense. No password itself is unhackable, which is why a password should be sufficiently complex (and long).


Length matters more these days than anything else, and I wouldn't doubt if the OP's friend uses a short password. Even if you make Lastpass create a super-complex password, if it's only 8 characters, it won't take long for a rainbow table (if I'm not mistaken) to crack it.

Length + complexity. Lastpass can't do a damn thing for you if you don't utilize it to its fullest capacity (or any random password generator tool).

Also, for Lastpass - anyone not using 2-factor should be slapped upside the head with a dumb bell. Again, that does nothing for your site-specific weak passwords, but it helps protect your main password (which I also hope is sufficiently long and complex).
 

John Connor

Lifer
Nov 30, 2012
22,757
617
121
Probably lack of common sense using the Internet. Might have malware and other crap. I've had Yahoo accounts for years and never had an issue.
 

GoodEnough

Golden Member
Apr 24, 2011
1,547
19
81
I get a spam email from this person's Yahoo account at least once a year.

Unhackable means they have a 20 character password with every variation (symbols, caps, numerals, ucase, lcase, etc) Any Password Strength Checker will give it 100%
They change it, and it still gets hacked. I must get 20 hack spams a year ONLY from Yahoo emails. Something totally does not add up. No way this is random.
 

XavierMace

Diamond Member
Apr 20, 2013
4,307
450
126
I get a spam email from this person's Yahoo account at least once a year.

Unhackable means they have a 20 character password with every variation (symbols, caps, numerals, ucase, lcase, etc) Any Password Strength Checker will give it 100%
They change it, and it still gets hacked. I must get 20 hack spams a year ONLY from Yahoo emails. Something totally does not add up. No way this is random.

How do you know their account has been hacked?
 

BxgJ

Golden Member
Jul 27, 2015
1,054
123
106
I get a spam email from this person's Yahoo account at least once a year.

Unhackable means they have a 20 character password with every variation (symbols, caps, numerals, ucase, lcase, etc) Any Password Strength Checker will give it 100%
They change it, and it still gets hacked. I must get 20 hack spams a year ONLY from Yahoo emails. Something totally does not add up. No way this is random.

Checked if they are spoofing the email address?

Btw, no such thing as a 100% strength password. Not possible by definition.
 

drebo

Diamond Member
Feb 24, 2006
7,034
1
81
I get a spam email from this person's Yahoo account at least once a year.

Unhackable means they have a 20 character password with every variation (symbols, caps, numerals, ucase, lcase, etc) Any Password Strength Checker will give it 100%
They change it, and it still gets hacked. I must get 20 hack spams a year ONLY from Yahoo emails. Something totally does not add up. No way this is random.

Maybe you're the one who's been compromised and the spammers are spoofing your contacts' addresses to make the messages more legit-seeming.
 

Imp

Lifer
Feb 8, 2000
18,828
184
106
Only account of mine -- I had all Gmail, Hotmail, and Yahoo -- to ever get hacked and used as a spambot was my Yahoo. Probably because I used it to receive garbage and never changed the password. Whatever, did a full delete a few weeks back. My few actually used accounts are all 2-step now.
 

MustISO

Lifer
Oct 9, 1999
11,927
12
81
Take a look at the email header and you'll probably find that they're not coming from Yahoo but from other stolen accounts. Not sure how it's done but the spammers harvest one or more contacts. Once they have that it's simply spoofed mail that looks like it comes from them. Seen it from Yahoo, Google, Hotmail, etc.