Heads Up, My Yahoo Email Account got hacked!

 

I was using my Yahoo Email account today (2018-02-02)and it was hacked while I was online!

Someone added a phone number from RUSSIA so they could reset my password...

SO if your email get's hacked, make sure you look to see if there's another phone number listed as a contract number and DELETE IT!

Then change the password!!

Look out folks.. I don't know if this is another breach of the YAHOO Email or not... I did notice the other day my Yahoo Email was acting strange..

--
Never argue with a pig. It makes you look foolish and it anoys the hell out of the pig!

WOW

I have no phones number listed and Yahoo ask me quite often to add one for my convenience should they have to send me my pass word.
How do you know it was from Russia?

Guess I'll have to watch and see if some adds a number for me.

--
garry

Same with Facebook and Google.

garry1p wrote:

I have no phones number listed and Yahoo ask me quite often to add one for my convenience should they have to send me my pass word.
How do you know it was from Russia?

Guess I'll have to watch and see if some adds a number for me.

Facebook and Google both ask me to add phone number. Don't trust either one to either use that number for marketing, or lose the info if they get hacked.

--
NUVI2555LMT, NUVI350

Practice good security

There are tons of password managers out there for PC, Mac, Linux, Android, iOS, etc.

Use a different password for each account you have. Make each of them over 20 characters and include letters, numbers, special characters, and a mix of upper and lower case. Use the password manager to save and manage your various passwords.

Your e-mail account is the most important of all of them. If somebody gets that, they can get access to pretty much everything else you have. Make your e-mail account password the most lengthy and complex.

Most password managers include a tool to generate passwords according to your specifications. For the truly paranoid, use this:

https://en.wikipedia.org/wiki/Diceware

http://world.std.com/~reinhold/diceware.html

Also, never give correct answers to security questions. If you do, somebody who knows you could potentially answer those questions and get access to your accounts. Always use a few random words as answers to security questions and keep a record of them in your password manager.

.

GPSgeek wrote:
garry1p wrote:

I have no phones number listed and Yahoo ask me quite often to add one for my convenience should they have to send me my pass word.
How do you know it was from Russia?

Guess I'll have to watch and see if some adds a number for me.

Facebook and Google both ask me to add phone number. Don't trust either one to either use that number for marketing, or lose the info if they get hacked.

Same here, been asked, will not give. More and more ways pop up every day to steal from you in this electronic age, gone are the days the robber had to look you in the eye.

--
. 2 Garmin DriveSmart 61 LMT-S, Nuvi 2689, 2 Nuvi 2460, Zumo 550, Zumo 450, Uniden R3 radar detector with GPS built in, includes RLC info. Uconnect 430N Garmin based, built into my Jeep. .

?

What a surprise. How many times has Yahoo been hacked... rolleyes

--
nüvi 3790T | nüvi 775T | Those who make peaceful revolution impossible, will make violent revolution inevitable ~ JFK

.

poibb wrote:

There are tons of password managers out there for PC, Mac, Linux, Android, iOS, etc.

~snip~

I use one, can generate large passwords using everything on the keyboard, however, the program itself still requires a password to use that you have to remember, only as good as the weakest link comes to mind.

--
. 2 Garmin DriveSmart 61 LMT-S, Nuvi 2689, 2 Nuvi 2460, Zumo 550, Zumo 450, Uniden R3 radar detector with GPS built in, includes RLC info. Uconnect 430N Garmin based, built into my Jeep. .

.

Juggernaut wrote:

What a surprise. How many times has Yahoo been hacked... rolleyes

wifey uses Yahoo email, seems like every few months.

--
. 2 Garmin DriveSmart 61 LMT-S, Nuvi 2689, 2 Nuvi 2460, Zumo 550, Zumo 450, Uniden R3 radar detector with GPS built in, includes RLC info. Uconnect 430N Garmin based, built into my Jeep. .

Precisely

Why use it.

--
nüvi 3790T | nüvi 775T | Those who make peaceful revolution impossible, will make violent revolution inevitable ~ JFK

.

GPSgeek wrote:
garry1p wrote:

I have no phones number listed and Yahoo ask me quite often to add one for my convenience should they have to send me my pass word.
How do you know it was from Russia?

Guess I'll have to watch and see if some adds a number for me.

Facebook and Google both ask me to add phone number. Don't trust either one to either use that number for marketing, or lose the info if they get hacked.

Do you use Android smartphone? If you do, it's safe to say that Google already got your phone number. Same goes for Facebook. If you use it on the phone, they have your number. I don't fill out my phone number on my Facebook profile but I assume they already know it.

.

BarneyBadass wrote:

I was using my Yahoo Email account today (2018-02-02)and it was hacked while I was online!

Someone added a phone number from RUSSIA so they could reset my password...

SO if your email get's hacked, make sure you look to see if there's another phone number listed as a contract number and DELETE IT!

Then change the password!!

Look out folks.. I don't know if this is another breach of the YAHOO Email or not... I did notice the other day my Yahoo Email was acting strange..

Are you saying that you check Yahoo Account Security and find out that there's a recovery phone number that you never added? And when you look at Recent Activity, there's a device with a Russian IP address?

When did you last change your Yahoo password? Was it before or after that big news about Yahoo breach? Care to elaborate?

@Chewbacca

chewbacca wrote:
BarneyBadass wrote:

I was using my Yahoo Email account today (2018-02-02)and it was hacked while I was online!

Someone added a phone number from RUSSIA so they could reset my password...

SO if your email get's hacked, make sure you look to see if there's another phone number listed as a contract number and DELETE IT!

Then change the password!!

Look out folks.. I don't know if this is another breach of the YAHOO Email or not... I did notice the other day my Yahoo Email was acting strange..

chewbacca wrote:

Are you saying that you check Yahoo Account Security and find out that there's a recovery phone number that you never added?

Exactly! it was 380 xxxxxxxxxx... whatever it was..

chewbacca wrote:

And when you look at Recent Activity, there's a device with a Russian IP address?

Kinda Sorta; the time zone setting and the phone number that had been added were both set to be Russian.

chewbacca wrote:

When did you last change your Yahoo password?

Prior discovering this breach, I changed all my passwords on 2018-01-29, then after finding my Yahoo email password had been hacked while I was using it on 2018-02-02, I changed them all again on 2018-02-02. I get into all my email accounts several times a day so it happened sometime on 2018-02-02 while I was actually using the account.

This is kind of akin to sites where you get 3 chances to put in your password before you get locked out. While you are logged in to many of these systems, if someone tries to get into your account 3 times, and fails, your account password gets locked, so you can't get into it and you need to get it reset somehow.

chewbacca wrote:

Was it before or after that big news about Yahoo breach?

This hack happened on 2018-02-02

chewbacca wrote:

Care to elaborate?

I routinely change all my email passwords, all my financial and health account passwords every 30-45 days unless I'm somehow forewarned there's been a breach of one kind or another, then I change all the passwords at that time. Then I continue on to change all my passwords on their normally scheduled 30-45 day change cycle.

All my passwords are 16-30 characters in length, Upper; lower, numeric and special characters.

No two passwords are the same. They don't even follow the same pattern.

--
Never argue with a pig. It makes you look foolish and it anoys the hell out of the pig!

BarneyBadass wrote: I was

BarneyBadass wrote:

I was using my Yahoo Email account today (2018-02-02)and it was hacked while I was online!

Someone added a phone number from RUSSIA so they could reset my password...

SO if your email get's hacked, make sure you look to see if there's another phone number listed as a contract number and DELETE IT!

Then change the password!!

Look out folks.. I don't know if this is another breach of the YAHOO Email or not... I did notice the other day my Yahoo Email was acting strange..

Please use two factor authentication to be safe.

--
Iphone XR, Drivesmart 61,Nuvicam, Nuvi3597

.

Juggernaut wrote:

Why use it.

She says because she has had that address for so long it would be impossible to notify everyone of a change, some folks she hasn't talked to or seen in years. She's a teacher and some former student reach out once in a while, etc etc etc.

Personally, I think she should dump it.

--
. 2 Garmin DriveSmart 61 LMT-S, Nuvi 2689, 2 Nuvi 2460, Zumo 550, Zumo 450, Uniden R3 radar detector with GPS built in, includes RLC info. Uconnect 430N Garmin based, built into my Jeep. .

2FA Not Infallible...

rookie8155 wrote:

Please use two factor authentication to be safe.

FYI:

https://www.theverge.com/2017/9/18/16328172/sms-two-factor-a...

What About Non-Yahoo Addresses On Yahoo Servers?

Because years ago AT&T outsourced email hosting services for their various operating subsidiaries' customers to Yahoo, authentication for users during login happens at AT&T, which then "opens the doors" to your email account. Any attempt to verify phone numbers or other owner-specific credentials just takes you to some server on AT&T's customer networks--effectively a man-in-the-middle weakness BY DESIGN! Not sure who to distrust the most.

Does Yahoo offer

Does Yahoo offer multi-factor authentication?

um...

riveroaks wrote:

Does Yahoo offer multi-factor authentication?

NOt that I'm aware of...

--
Never argue with a pig. It makes you look foolish and it anoys the hell out of the pig!

Still

have my Yahoo email from AT&T years ago, no problems but, I also use RoboForm. RoboForm Everywhere keeps my passwords up to date and password protected on all my computers.
My 2 cents.

--
Garmin Nuvi 765T, Garmin Drive 60LM

Yahoo 2FA

BarneyBadass wrote:
riveroaks wrote:

Does Yahoo offer multi-factor authentication?

NOt that I'm aware of...

Yahoo does offer 2FA, under Account Info, FYI:

http://oi68.tinypic.com/v5zhh2.jpg

regular changes

As long as Yahoo (or any other email host) will not take seriously security on their side, there is not much you can do. If they "giving away" your account credentials to hackers, even 100 layers of authentication is worthless.

All you can do is to change your password on regular basis (often is better) and hope, that in meantime another breach will not happen.

tli wrote: rookie8155

tli wrote:
rookie8155 wrote:

Please use two factor authentication to be safe.

FYI:

https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin

It may not be 100% secure but the advantage is that you get notification right away on your phone when someone tries to temper with your account.

--
Iphone XR, Drivesmart 61,Nuvicam, Nuvi3597

Password managers

poibb wrote:

There are tons of password managers out there for PC, Mac, Linux, Android, iOS, etc.

While most are probably legit... If I were going to try to collect people's passwords, I think a great method would be to create a password manager that sends me your passwords in the background. I'd make it look and feel legit. Maybe even charge a few bucks instead of making it free, just to give my "clients" a warm fuzzy that it was legit. Even jump through whatever hoops are needed to get it on the app stores.

--
NUVI 350

Good Advice

Thank you for sharing.

--
Shooter N32 39 W97 25 VIA 1535TM, Lexus built-in, TomTom Go

.

Jery wrote:

have my Yahoo email from AT&T years ago, no problems but, I also use RoboForm. RoboForm Everywhere keeps my passwords up to date and password protected on all my computers.
My 2 cents.

If RoboForm gets hacked, wouldn't they have all of your passwords in 1 place?

Yes

And that is the problem with all "multi-platform sync across all your devices" software. If it only stored the passwords on one device most people would not even download it, but they forget about privacy because of they want it all on all devices.

--
I never get lost, but I do explore new territory every now and then.

Another argument for Open Source software

If you can't review the source code and compile it yourself you can never truly be sure.

MikeSid wrote:

While most are probably legit... If I were going to try to collect people's passwords, I think a great method would be to create a password manager that sends me your passwords in the background. I'd make it look and feel legit. Maybe even charge a few bucks instead of making it free, just to give my "clients" a warm fuzzy that it was legit. Even jump through whatever hoops are needed to get it on the app stores.

I always...

GPSgeek wrote:
garry1p wrote:

I have no phones number listed and Yahoo ask me quite often to add one for my convenience should they have to send me my pass word.
How do you know it was from Russia?

Guess I'll have to watch and see if some adds a number for me.

Facebook and Google both ask me to add phone number. Don't trust either one to either use that number for marketing, or lose the info if they get hacked.

...give a fake phone number. I usually give them a phone number that I used at work that was an emergency phone that was in place just in case our phone system went down. If they call it, they will get nothing but a lot of ringing.

--
It is impossible to rightly govern a nation without God and the Bible. ----George Washington

.

KenSny wrote:

And that is the problem with all "multi-platform sync across all your devices" software. If it only stored the passwords on one device most people would not even download it, but they forget about privacy because of they want it all on all devices.

I use Roboform and have not synced it across all my devices. There is one file that has all the info under my control. Important password protected stuff is only done on that device, no matter how inconvenient it can be at times.

Roboform's weak spot is the master password you have to remember to access the program. It's strong point is the ability to generate and remember very complex passwords that would be nearly impossible to remember.

--
. 2 Garmin DriveSmart 61 LMT-S, Nuvi 2689, 2 Nuvi 2460, Zumo 550, Zumo 450, Uniden R3 radar detector with GPS built in, includes RLC info. Uconnect 430N Garmin based, built into my Jeep. .

.

BarneyBadass wrote:
riveroaks wrote:

Does Yahoo offer multi-factor authentication?

NOt that I'm aware of...

They do. Check your Yahoo Account security settings. Btw, I just checked my throw away Yahoo mailbox. In Preferences I see the following (under My Locations):

Hong Kong, Hong Kong
Sydney, NSW, Australia
Tokyo, Tokyo Prefecture, Japan
London, England, United Kingdom
New York, NY
Paris, Ile-de-France, France
Los Angeles, CA
Sunnyvale, CA
Rome, LZ, Italy

I have not visited those places recently except Los Angeles, CA. I've never visited some of the above places in my life. Looks like this account was either breached or there have been attempts to sign in from those locations. I removed everything except Los Angeles. I'll check back in a few weeks/months. Let's see if there are new places listed under Preferences.

.

tli wrote:
rookie8155 wrote:

Please use two factor authentication to be safe.

FYI:

https://www.theverge.com/2017/9/18/16328172/sms-two-factor-authentication-hack-password-bitcoin

Here's another reason:
http://www.androidpolice.com/2018/02/06/t-mobile-sued-portin...

Thanks for the tip!

I'm going to look into it for my accounts right now!