
My yahoo account ferrettkitt has been hacked


ferrettkitt


Andy I have had about 6 emails come from members of the Champ Yahoo forum & 2 from a Ferret Yahoo forum.

They generally have a link (that I do not follow) & some random letters, presumably to throw spam filters off the scent. Yesterday I had similar messages from my sister who found her address book was hijacked. I don't think she uses forums but will ask if she has contact with Yahoo mail.

 

Seems to be a lot of it about!

 

http://thenextweb.com/insider/2013/03/06/despite-its-efforts-to-fix-vulnerabilities-yahoos-mail-users-continue-reporting-hacking-incidents/


I didn't think that I would ever have a problem as I usually clear my cookies and temp folders out at least once a week but I hadn't had a clear out for more than a month. So I will be going back to how I used to do it and clear everything out at the end of the week and start afresh. I have changed my password with yahoo so with a bit of luck that will be it.


I just wonder what yahoo, google & all these people know about us?

 

At the top of the HMVF today & yesterday I'm getting an advert for a local heating company. Ok the locality via my IP but why heating? I have not searched for, nor gone to any sites that are to do with heating. But yesterday I received an email that was a receipt from a heating company that I paid on the phone earlier in the day.

 

Only the content of the email indicated that it was to do with heating. But the advert only started to appear after the email had arrived.

 

Perhaps I'll send myself emails telling me about Humber 1 Ton spares & see if it/they tune into my needs :D


 

http://www.dailymail.co.uk/debate/article-1337837/Google-Why-let-creepy-company-spy-emails.html

 

I would imagine that all these companies share information in your emails.

 

A honey-voiced Google spokesman was quick to respond to my call and insisted the adverts were generated not by a human being, but by a computer programme that all servers use to scan emails looking for spam and viruses. And that no information was read or sold to advertisers.

 

That may be true, but Google does use the content of your emails for commercial gain. It scans your words and searches for key words in the same way it does when you use the Google search engine.

When a key word from your email matches a key word in an advert in the Google bank, the relevant adverts electronically line up to hit first your email page and then your pocket.

6 Mar '13 Despite its efforts to fix vulnerabilities, Yahoo’s Mail users continue reporting hacking incidents

 

Yahoo Mail users have been seeing their accounts broken into for months. While Yahoo says it has plugged at least two separate security holes leading to accounts getting hijacked, it appears the problem persists.

It’s unclear how long these attacks have been going on for, though we did first report Yahoo Mail users were seeing their accounts compromised back in early January. We’re now in March, and it appears that Yahoo still has a big problem on its hands.

Not only are we still getting reports from individual Yahoo users about their accounts getting hacked, but we are seeing spikes in traffic from Google to our previous stories. We believe these clicks represent a rise in users realizing their inboxes have been hijacked after hackers send out a bunch of emails from already compromised accounts.

Attacks typically consist of Yahoo users receiving an email from a friend or colleague (and sometimes a completely unknown party) containing a link that if clicked on, results in the account being hijacked. Some say their hijacked accounts send emails to select individuals, others report they get sent to all their contacts, and one even noted that they went out to “anyone I had ever received and/or sent a message to.”

We asked the users who got in touch with us if they got such an email and clicked on the link. Reports were mixed: some said they got an email and clicked the link, some said they got the email but didn’t click, and others said they never got such an email.

Amongst those that did click on a link, however, there was at least one aspect that recently seems to corroborate: the attackers have apparently been referencing a non-existent MSNBC news report in the email. The bit.ly URL that is included (we’re not linking it here for obvious reasons) redirects to a fake MSNBC page that reportedly hijacks your Yahoo Mail account immediately if you are logged in.

Yet many insist they never got such an email or clicked on such a link: their accounts were simply hijacked out of the blue. These individuals only learned about the incident from contacts who received shady emails from them.

Below are three excerpts from what Yahoo users have been telling us about these attacks. The first one comes from a Yahoo user who is part of a larger organization:

 

We were hacked at the end of January. They spammed everyone in the “contact” folder and deleted all the contacts. We just had another yahoo account hacked yesterday. Not only did it spam the entire “contact” folder, but we are unable to send out e-mails or access our “secret question” to change the password.

There was a toll free number to call and when we did so we spoke with people who spoke very poor English, and they asked for a one time fee of $100 for assistance with the issue. When we refused they hung up on us. We called the number twice, the first time we spoke with a woman and the second time we called we spoke with a man. Both times we called when we refused the payment of $100 we were hung up on.

It’s fair to say that this number in question does not belong to Yahoo. These are scammers attempting to get a ransom payment in exchange for an account they have compromised.

Another story comes from a Yahoo user who wants to simply be known as “someone in California”:

 

Actually, my yahoo account is a dummy account. Yahoo hosts my domain for another e-mail address and I never send/receive using the yahoo email address. That’s why I feel so certain that the hack had to have been on the yahoo-side. Also, the spam that went out was to people who had sent messages to my hosted domain name – not the yahoo account (even though the message they received was FROM my yahoo account).

So whatever the hack was, they were able to connect the dummy yahoo account to the hosted domain account. I know this because some recipients were people that were not in my address book and wouldn’t have even known about the yahoo account to ever have sent anything to the yahoo account. Their only connection was messages in the domain-hosted in box. Other reason I suspect it’s not fixed (and not just me) is that the spam filter for this account (my work email) picked up at least two other yahoo spams like mine at the same time. They were – like the scenario in mine – from people who probably had an email from me in their in box even though I wasn’t in their address book.

This is one of multiple stories we have seen that show those behind these attacks are using hijacked accounts to heavily spam others. This is one of the reasons why this campaign is ongoing and doesn’t look like it will be slowing down anytime soon.

A Canadian also had a similar story to tell:

 

My yahoo.ca email account was compromised last night and the same spam email, something to do with working at home for great money, was sent to all my contacts. Fortunately the account list that was attached to this email address was ten years old (it has now been archived) and half the messages came back as undeliverable. I also received the same spam message last week from a friend who sent it from her yahoo.ca account.

My Yahoo email account was set up during pre-BlackBerry days to retrieve messages remotely from other mail servers and is only used nowadays to track deliveries from e-retailers and to receive notices of updates from software providers and other non-essential vendors who require their clients to register in order to access their services. It has been linked passively to smartphones for the better part of a decade and I logged on yesterday to delete the outdated contact list and to change password for the first time in many years. As the account has been absolutely spamless and requires no management effort whatsoever, I will continue to use it as an electronic mailbox.

For reference, here’s the timeline of events up until today:

 

 

  • On January 7, a lone hacker by the name of Shahin Ramezany uploaded a video to YouTube demonstrating how to compromise a Yahoo account by leveraging a DOM-based cross-site scripting (XSS) vulnerability exploitable in all major browsers. The same day, Yahoo got back to TNW with two statements, first saying it was investigating and secondly confirming it fixed the flaw.
  • On January 8, researchers from Offensive Security let TNW know they had discovered that the vulnerability is still present, demonstrating a workaround showing they can still exploit the flaw in question.
  • On January 11, Yahoo issued a third statement to TNW: “The cross-site scripting vulnerability that we identified on Friday was fixed the same day. We can confirm that we’ve now fixed the vulnerability on all versions of the site.”
  • On January 28 and January 30, two Yahoo users contacted TNW to say their account was compromised via what they believed was the same way that was described in our previous articles.
  • On January 31, we followed up with a story regarding a known flaw in the SWF Uploader component of Yahoo’s developer blog as pointed out by Bitdefender Labs. Yahoo says it fixed this flaw and recommended affected users change their passwords.
  • On February 25, February 27, March 1, and March 4 we received more emails from Yahoo users saying their accounts had been compromised.

 

We contacted Yahoo about this issue but the company merely reiterated its previous stance. “The XSS flaws reported to Yahoo! have been fixed and we continue to aggressively investigate reports of any email accounts exhibiting anomalous behavior,” a Yahoo spokesperson told TNW. “We’re committed to protecting our users and their data. We strongly urge our users to change their passwords frequently and to use unique, alphanumeric passwords for each online site they visit.”

Yahoo is the third largest email provider after Microsoft and Google. Regardless of whether the flaws haven’t been patched properly or if these are new flaws, it’s simply unacceptable for Yahoo Mail users to have their accounts hijacked so easily and for Yahoo to stay passive for so long. The company needs to do more.


It's scary stuff.

 

To see how responsive "they" are I have sent myself messages on my two usual email providers using the appropriate addresses.

 

First title & message "Where can I buy Humber armoured truck parts?" & for the other "Where can I buy latrine paper for my goat?"

 

So I await to see what they/it dreams up. The local heating advert has gone & now the forum page headers are rubber track products & financial services.

 

I wonder what will turn up :nut:


Oh I get it because I mentioned "local heating advert" that has come back again.

 

I shall go back to the email accounts & send some different messages about other things as mentioning on here expedites the linking more quickly. But in the meantime for the benefit of bots & all that sort of thing. Where can I get latrine paper for my goat? :-D
