My yahoo e mail account was hacked today. They (who ever they are ) went in to my contacts and spamed everyone, I never had this happen so it freaked me out. I not sure if they can read all my e mails and then copy them for use ful info.
How does this happen ?? My thoughts, I had a friend send me some pictures when he was on a road trip over the weekend, and I was very active on paceline this weekend....has anyone reported issues with security on paceline ?
Also, once hacked can they access my other other account such as e bay and other email accounts
Thx for the help as this is first time around for this one.

Did you have a "strong" password?

Did you have a "strong" password?

Yeah, you would never come up with this off the top of your head...where does all this start ?? how do they get through the firewall and anti virus software ??
I placed an ad on craigs list for a apartment for rent, so I had a large number of responses, maybe they worked there way though somehow.
I'd love to figure this one out...

My understanding is that the account is hacked when the user clicks on a malicious site/link. Realistically no one targeted you individually. Based on the emails I get and similarities in their "guessed internet usage patterns" I'm thinking that the users are clicking on shortened links on Twitter or on malware loaded links in Facebook.

I'm guessing here that if you're logged into email at the time then you're hosed. Just a guess. I had two friends say they changed the password and it was still bad - I'm guessing that the malware broadcasts this new password to whoever wrote the malware.

I don't know if your email account is compromised. I'd assume so and make any changes necessary to safeguard other accounts (similar passwords etc).

I don't click on links like "hey is this you" in twitter (shortened link is a malware site usually) or odd things that a friend likes on Facebook (usually malware on a video or coupon etc - recently there was a "get free tickets from Southwest" thing going around).

Generally speaking if you really are curious about that video that your friend apparently "liked" then you should Google it or search for it in YouTube etc. Often you'll find it's actually a bad site.

If someone direct messages you in Twitter giving you a link you can direct message them back and ask them to email you the link in full.

How does this happen? So many ways.

They did not get in through your firewall, or your AV. What can happen is multifaceted.

One possibility, Yahoo had a vulnerability published on 1/7/2013 <http://thenextweb.com/insider/2013/01/07/yahoo-mail-users-hit-by-widespread-hacking-xss-exploit-seemingly-to-blame/> this exploited poor coding practices on Yahoo's site. No AV or firewall (on your side) would protect against this. You may have been sent a "phishing" email that appeared to be from yahoo but the link actually included malicious credential harvesting code... These are tricky as the URL looks right at a glance. But the poor coding practices of yahoo allowed this to happen.
An example would be http://www.yahoo.com/index.php?foo=alert('xss')
The tailing part would be executed in your browser.

Another possibility is that your machine had a malware that affected a browser or browser plugin that has not been detect by your AV.

Also good practice is to never use the same password on multiple accounts, that way if one gets popped, you do not expose all of your accounts.

And last, and probably the most realistic. Someone sent you an email that appeared to be from yahoo, but in reality the link to login or update a password. This is called "phishing".

One thing to remember is to change your password regularly. Often a site will get hacked, credentials will be stolen but they will not be sold for weeks or months on the open hacking market.


Tips to protect yourself:
Never click on links in email.
Change your password often.
Use a separate browser for purchases/banking than the one you surf with.


Cheers,
-Joe

Use a password manager. Basic idea: remember one secure password to your password manager, which will store, automatically fill and generate secure passwords for you.

LastPass (https://lastpass.com/) is a great one, I have been using the Premium version for a year and a half with no troubles.

A longer password is more secure than a shorter one with multiple character types (uppercase, lowercase, numbers and special characters).

Song lyrics are a great way to have a 20+ character password that you can remember.

Just a quick response as I'm on the road. There is no way that someone could access your Yahoo email account because of The Paceline. The only thing we have in your user account is your email address and so there isn't anyway that The Paceline could aid someone in hacking your email account.

BTW, my deceased father's Yahoo email account was hacked last week too.

Just a quick response as I'm on the road. There is no way that someone could access your Yahoo email account because of The Paceline. The only thing we have in your user account is your email address and so there isn't anyway that The Paceline could aid someone in hacking your email account.

BTW, my deceased father's Yahoo email account was hacked last week too.

Guys, ths for all the help (and sorry to hear about your dad ) ,I changed all my passwords and the mass hacked e mails sent to my contacts have stoped.
This was a learning experiance and I'll have to be careful going foward..

i've had my yahoo email account for about 16 years and i've never had this problem. i never click open on spam emails.

First time for me, my guess it came in on one of the many craigslist responce that I had for an apt. for rent.
Or, could it been attached to a picture that was sent to me from an unsecured handheld device ??

I would blame the porn sites you likely visit. :)

:banana:

Just kidding of course.

I would blame the porn sites you likely visit. :)

:banana:

Just kidding of course.

I hear ya, but honestly no porn for me...;0

My Yahoo account was hacked a month ago. Floods of spam e-mails were sent out from my account to people on my contact list. I changed the password to a much stronger one, and the problem stopped.

I don't know why, but my Yahoo spam folder used to be almost empty all the time, and now I usually have about 20 spam e-mails a day.

Yeah. The same thing happened to me a few weeks ago and also a few years ago. In both cases spam was e-mailed from my account to everyone in my contact list as well as to a bunch of e-mail addresses that I never heard of ( I saw this because several of the undeliverable messages were bounced back to me ). Other than that the contents of my Yahoo account was untouched afaik . Both times I changed my password and the problem stopped.

I'm careful about clicking on suspicious links but I could have accidentally clicked something I shouldn't have. Looking around on the internets I get the impression that Yahoo accounts are particularly vulnerable to hacking.

As stated above, this is a largely yahoo problem. I see the results about every week or two when suddenly I am besieged with spam emails from someone's yahoo account. The bad guys get access to the entire address book and spam all contained within it for months on end.

My best advice is to use some other service provider for your email. Even if that means you have to pay a little bit for a higher level of service and security.
Poorly run outfits (usually giving out free email service) are sort of a bane on the internet and actually enable a good bit of the mischief we all wish didn't exist.

Do what everyone else does. Ditch Yahoo and get a gmail account.

Don't use the same password for email (or other important stuff) as you do for forums or social sites.

Stop using Internet Explorer.

This helped me out a lot, I just put four words together and haven't had a problem ever.

http://cache.gawkerassets.com/assets/images/17/2011/08/passwords.jpg

-

Do what everyone else does. Ditch Yahoo and get a gmail account.

If you do that, use Google's two-step verification. I've been using it for about a year and it is a lot easier than you would think. It works well as long as your cell phone is near you when you log on, which mine always is...or at least a room or two away.

With two-step verification, the thief needs to have both your cell phone and you password or be using one of your computers.

I hear ya, but honestly no porn for me...;0

the Bill Clinton strategy.... deny, deny, deny!!!