
If you thought that your Yahoo ( or hotmail or even gmail ) email is safe and if you keep important email/information in email box –

**THINK AGAIN**

Because so far I was thinking the same about Yahoo email, until someone hacked my account and I could no longer access my email box

This is the summary of what happened two days back ( Sept 6, 2006 )

  • 5:30 pm - Received email on my alternate email address ( non-yahoo) that your password has been changed ! And I knew that I had not changed my password !!!
  • I was surprised and was in panic mode. Why ?
    • I have had this account for last 10 years - quite long time ( Like many others )
    • This is not junk account, but very much operational and heavily used account.
    • This is Yahoo Mail Plus account and I pay yahoo for upgraded services ( 2 GB storage and No Ads and more features ). I was thinking so far that it is safest thing in world ! After all I am paying for it. Boy, I was wrong !
    • I have substantial investment in this yahoo account ( Like many others, I am guessing )
      • Important emails and other information ( Some of it can be sensitive )
      • More than 15 yahoo groups attached to it
      • Many Yahoo photos
      • Use of Yahoo Brief case
      • Being old account, almost all my friends have this email address
      • Also used to register in many ( legitimate ) websites
      • Lot many contacts in addressbook
      • Lot of good memories, news
      • Some financial information too on it ( Now I think, why did I put there ?? Stupid, huh ? )
  • 6:30 pm - Called yahoo support. They told me to call tomorrow. They were closed for “password help”
  • 6:40 pm - Sent email to yahoo support. Does it help? Not sure.
  • 6:50 pm - Started reading on Internet of similar experiences. Guess what ! Found many ! I got more worried
  • 7:00 pm - I thought of a friend who knew about this and I remember him talking about it once. I quickly called him. He very kindly guided me.
  • 11:30 pm - Got my account back. Password was recovered. I could login again ! ( Big sigh…. )
    • I used yahoo online reset password feature. ( Link is given below )
    • I could only do this as LUCKILY hacker had NOT changed my credentials yet and I could successfully validate my account. If you continue reading, you will find out more about recovering password. This is very important.

Well, half a day ( It felt much longer ) of absolute terror !

Actually, I was lucky and this was fast recovery of account. Many ( rather most ) people have not recovered their account back. If you have the paid account, there is (some) hope as Yahoo has to respond to your query. But as I read and heard, in case of “free” account, it is almost hopeless.

In my case, I don’t know, if hacker really extracted important information and misused it or not. Too early to say. May be I will find out later. Scary, isn’t it ?

In last two days, surprisingly, I heard 3 more very similar incidents from my colleagues and friends. It seems like virus spreading around. While talking to other friends, I found that they had also heard similar cases. It is happening…

So I will say that YAHOO EMAIL is NOT safe these days ! Thanks to creative brain power of hackers :)

Now, it makes me think, which popular email is safe then ? gmail, hotmail ? may be. I will not bet on it. In general, nothing is safe in my opinion.

This incident opened my eyes ! NOTHING IS SAFE!

Only thing closer to being safe is “Being paranoid about security” :)

How to get password back?

  • This seems almost impossible, if you have free account
  • Still, you can try to recover it using yahoo’s online reset password feature. Link can be found here
    • You need to answer all questions correctly. You better know the “fake” birthday you may have given on the account. :) It is good idea to check and remember all verification details while you have access to it.
    • But even if you remember correctly, there are always chances that the hacker would have changed it after hacking the account. In this case, it is near to impossible to recover it. Now, You are trying to “hack” your own birthday and zipcode :) Actually, it is not funny, when it happens.
  • Try calling yahoo support.
    • Yahoo customer care number : 1-866-562-7219 ( Option #2, #2 for password help )
    • Note: They are only open from 6am to 6pm PST ( Mon to Fri )
  • You can send email to yahoo support. However, sending email is not useful and you don’t get proper reply except automated reply. With nearly 200 million accounts, I wonder, how will they keep up with it ?. Yahoo support should respond, if you are paid member.
  • Apart from this, I can’t think more except worrying about what hacker may be doing with your account and may be cursing yourself for putting important info in email box. But at least, now one can make plan to stop it in future. I am making one. We all should.

What you can do to prevent it ?

With Yahoo Email, few things to keep in mind

  • Password Strength - Convenience and safety don’t go together :)
    • Keep password with higher strength. I thought that my password was not easy one. May be I was wrong or hacker was smart guy (Usually they are ! )
  • Keep changing password regularly, if possible. It may be inconvenient, but will be helpful to protect your privacy.
  • NEVER reply to phishing or any suspicious emails asking for account details, passwords etc.
    • Most of techy guys know about this and figure out difference between good and fake website. Still sometimes, we may fall into trap.
    • Now, Yahoo provides good feature called password theft protection. I will encourage everyone to start using it. It is free and it works similar to “SiteKey” feature banks provide these days.
  • Do not keep lot of important information in email account :)

So how they hack it ?

I wish I knew all details :)

This is the question, I am wondering too. I welcome comments from readers.

There are few ways I can think of –

  • Receiving information from responses from phishing emails — This probably will be top method, I guess
  • Automated scripts or spiders trying for different combinations of password - Technically it is not very difficult to do.
  • Someone smart ( and with lot of time on hand ) may try to manually try various combination and may succeed at the end. Less likely, but possible.

At the end

Be Safe. Always be paranoid about security in general :)

Please, feel free to give any other suggestions you may have.


Filed under Email Security, Password theft 

6 Responses to “ Is Yahoo email safe ? ”

Comments:

  1. Milind says:

    I too faced similar problem and I was lucky enough to recover my password using forget password link… anyways, I believe my password got changed when I clicked following link :

    wwwDOTgeocitiesDOTcom/lllllll_amber.taylor_lllllll check out my friend Amber!

    DO NOT CLICK ON THIS LINK ( It is just for info ) - I have disabled link by using word DOT instead of . ( - Samir )

    Frankly, right now I'm not sure if it asks for user/pass but I don't wanna take chance now :)

    I got this link from one of person added in my messenger list and I believe it's going automatically… so obviously, it is not safe.. and now I think twice before clicking any link, even from a person on my messenger…

  2. Samir says:

    Hi Milind,

    Thanks for info. This is good clue for me.

    Guess what ! SAME thing happened to me.
    Since you mentioned, I recall that I had got similar link pointing to geocities.com from very good friend of mine as off-line message in my Yahoo messenger. I am in his IM list.

    Since I know him very well, I clicked on link. (Damn !!! ) From URL it did not look fishy at all. In fact, it said something like - checkout my recent hiking trip photos…

    I just clicked once and closed it. Did not give any details of any sort. Well, it did not even ask for it.

    After that I talked to my friend very next day. I suspected and it did NOT seem right since link did NOT have any content or snaps of hiking trip.

    GUESS WHAT ! Many of his friends got the same off-line message. All were complaining to him. And as per him, he had not DONE it. I believe him. He quickly sent apology email/message to all.

    I got CONCERNED then, but did not pay much importance to it after a while.

    This happened about couple of months back. Everything was OK till NOW until yahoo account was hacked.

    ——————————————
    SO EVERYONE, do NOT CLICK on any such IM message link, even if they are from very known person and message may seem genuine.
    ——————————————-

    Thanks,
    Samir

  3. Nirmalendu Das says:

    That’s scary!
    Thanks for sharing the story.
    BTW, what was the magic that your friend did to get the account back?

  4. Guess says:

    Sam, What were you doing with Amber? Spooky… :-)

  5. Alay says:

    I know who “Guess” is. I just gave him a hard time for similar actions. :-)

  6. Kamal says:

    Thanks for sharing your experience and giving out the tips for safety.
    We all know that prevention is better than cure.
    So this info is very useful for all.

