[Resolved] Yahoo Email Compromised

[Hoov]

Most definitely report it to Yahoo. I am not sure they will do anything about it, but if you don't report it definitely nothing will get done. As for Verizon, I doubt if they have the same option not all providers have that option.

As for your personal information, chances are you got lucky there. Spammers are interested in one thing, e-mail address's. If they were interested in the ID theft, they would have read your e-mail and then logged out without doing anything else. That way you would never know. I would keep an eye on it for 6 months or so.


There is one thing you may want to consider. Use an e-mail client instead of webmail. That way all the personal information is on your computer instead of on Yahoo's servers. You can still access new e-mail via the webmail interface, and depending on your settings even older e-mail. But after a certain number of days it would all be on your computer. This is the way I do it. I use Thunderbird for all my e-mail except that some newsletter type stuff and when I sign up on a new website I have all that sent to Gmail. I even get that via thunderbird and it is also archived on Gmail servers, but it is not personal information so I don't mind if it gets hacked. And if it does, I can always kill the account.

[kualewis]

I reported it to Yahoo and it will be interesting to see if they do or say anything.

I have a couple questions:
Why would the hacker have forwarded the email that tipped me off?
Do you think hacking my account was random?
Did the hacker have to beat my password even though he/she was on the Yahoo server?

Just curious - nothing like this has ever happened to me before.

Thanks for the advice on Thunderbird. I can't get it to take my Yahoo account for some reason - it keeps saying the user name or password are is incorrect, but I checked it multiple times and I know I put in the correct info.

[Hoov]

About the hacking, there is no way to tell. Most of them are not nearly as intelligent as one would think. They are using prewritten scripts and tools to do all the work. Most of the time they are not even smart enough to change the settings in the tools they are using. For example, a while back someone had modified a particularly virulent virus that had been making the rounds, but when they did so they forgot to change the date it was going to do a mass dropping of the payload and because of that it turned out to be a big dud. As for why it was your account, unless you have irritated a local hacker for some reason, chances are it was totally random. They usually are.

About getting Thunderbird to work with Yahoo, I apologize, Yahoo only lets those US customers with a plus account use the POP3 servers. I just found out when you said you could not get it to work.

I would suggest getting a Gmail account and use that with the POP3 servers, and get away from Yahoo. I know that will work, as I have set it up for many people.

[kualewis]

I made an interesting discovery yesterday - the TN login I pointed out earlier was actually from me when I log in from work. Not sure exactly how that works, but our HQ is in Nashville. I noticed it when I logged in and checked the activity, then logged out and in 2 or 3 times and saw what was happening. So I guess I don't know if anyone else was actually in my account after all. Anyway, I thought that was interesting.

[Hoov]

The company must have a VPN to the headquarters where the actual internet connection comes in. Have you had any other spams sent out?

[kualewis]

Nothing I'm aware of.

[Hoov]

Well it looks like the problem was not yours originally, but Yahoo's. Your best defense is to keep changing your passwords, and make sure they are suitably complex. I know there are some places that require you to change passwords every 90 days. I would also give some thought to using a password storage program. For instance I use KeePass and I store my password files on a removable device, so I carry it with me. And I use a single password of 25 characters with a key file of 256 characters to encrypt all the rest.

Do you have any other questions, concerns or problems? Are you satisfied that the problem is resolved? There are some bigger guns we can scan your computer with if you are still concerned, just let me know.

[kualewis]

I think we're ok for now. I really appreciate your help and I'll be back the next time I have a problem. Happy Thanksgiving!

[Hoov]

Happy Thanksgiving to you and your family!

Here is some info that you may find useful in the future.

Cleaning out Temporary Files etc. There are several different products that you can use for this. You can go thru the Internet Options in the windows Control Panel. There are several programs that also do the job better than windows does it, in my opinion. There is System Security Suite, EasyCleaner, Ccleaner. Also sometimes other program sometimes do it as well as what you originally got it for like ZoneAlarm Security Suite. Just make sure to keep them updated and use them regularly.
Make your Internet Explorer more secure - This can be done by following these simple instructions: (unless you are using ZoneAlarm Security Suite or something similar, then you would secure the browser thru the firewall). There are some good basic instructions for that here.

Use a different browser other than  IE (most exploits are pointed towards IE). One of them is
Firefox.
It is also worth trying Thunderbird for controlling spam in your e-mail.

Always use an UPDATED anti-virus program Make sure you update this at least weekly, if not more often. This is one thing that may save you more than anything else.

Run malware scanners. Three free ones are Spybot Search and Destroy, and AdAware and Malwarebytes' Anti-Malware

Always use a firewall.
Any firewall is better than none, and you should pick a firewall that you will use, as even the best firewall is worthless if you turn it off.
 
Learn how to use your firewall Only programs that need it should have access to the net. But these are specific to the firewall you use, so you will need to learn how. Several firewalls have support forums here. My page will help you with ZoneAlarm if that is what you choose. 


Never run two Antivirus programs or two Firewalls  at the same time. They can interfere with each other and cause problems. Some people swear that more protection is provided, but the reverse is true. They tend to argue amongst themselves and end up leaving holes. Now I have more than 1 AV installed on my computer, and I keep them up to date. I only run one at a time, but each program has weakness's, so I keep a backup in case my computer starts acting up.


 MOST IMPORTANT : Windows and IE, and whatever other software that you have that connects to the net, needs to be kept updated. The reason is, these programs connect to the net, and if there is an internal security problem, you have already told your firewall to allow the communication, and thus you will have allowed a hole. UPDATES are important. I suggest that you make sure that Windows Updates and the updates for your antivirus and antimalware programs are set for automatic updates. I also suggest running Secunia PSI. It will monitor the software you have installed and let you know when something needs to be updated.

Don't ever use P2P or filesharing software Even the safest P2P file sharing programs that do not contain bundled spyware, still expose you to risks because of the very nature of the P2P file sharing process. By default, most P2P file sharing programs are configured to automatically launch at startup. They are also configured to allow other P2P users on the same network open access to a shared directory on your computer. The reason for this is simple. File sharing relies on its members giving and gaining unfettered access to computers across the P2P network. However, this practice can make you vulnerable to data and identity theft. Even if you change those risky default settings to a safer configuration, the act of downloading files from an anonymous source greatly increases your exposure to infection. That is because the files you are downloading may actually contain a disguised threat. Many very malicious worms and trojans, such as the Storm Worm, target and spread across P2P files sharing networks because of their known vulnerabilities.

Before using any malware detection / removal software Check with Rogue/Suspect Spyware List That way you will know if the program you are looking at is on the up and up. If you want to know how it stacks up against other programs check out SpywareWarrior

We have a good guide here at Spyware Hammer on how to prevent Malware in the Future. You might want to peruse this and follow the recommendations in there.
PLEASE READ IT AND FOLLOW THE RECOMMENDATIONS TO PROTECT YOURSELF.

Let us know if you have any more problems, either new or old.
Have a good time surfing the net, but stay safe.
If you have no more problems, let me know and I will mark this as resolved. Or if you have more questions, ask away, that is why I am here./