Sent Emails I Didn't Send

[olds]

Some emails were sent from my yahoo account that I didn't send. They were in my sent folder so I guess it wasn't spoofed. I changed my password and no virus' were found.
What may have happened?

I included the links in case anyone has seen them before or they identify a virus/trojan, etc.

DON'T GO HERE
The links in the email went to:
h ttp://www.priyamproducts.com/page..friends.html?a=7c8j4bysu&sjgiloh=ynov

h ttp://gfbrownins.com/page..yahoo.php?b=3e8q0jzi&ukagezi=omuzi
DON'T GO HERE

 

[theevilsharpie]

Your password was probably compromised.

 

[Oakenfold]

Hey Olds. Sorry to hear about your trouble. Do you surf the web @ coffee shops/free wifi?

Try running Housecall to see if it picks anything up. http://housecall.trendmicro.com/

I don't use Yahoo but it could have been bruteforce assuming they don't lock you out after X number of access attempts (even then you could always find out the reset and only try X number of times a day).

Was your old password able to be found or created through referencing a dictionary?

 

[olds]

Hey Olds. Sorry to hear about your trouble. Do you surf the web @ coffee shops/free wifi?

Try running Housecall to see if it picks anything up. http://housecall.trendmicro.com/

I don't use Yahoo but it could have been bruteforce assuming they don't lock you out after X number of access attempts (even then you could always find out the reset and only try X number of times a day).

Was your old password able to be found or created through referencing a dictionary?

I'll run the trendmicro. (Nothing found)
You won't find my password in a dictionary. But it was only 4 characters.
Thanks.

 

[seepy83]

Just 1 other thing to add to this discussion:
If you use the same password for multiple websites/accounts, then change them all. Your Yahoo account might not have been hacked directly...some account you have on a much less secure system (unpatched messageboard server/software, for example) may have been compromised, and linked back to your Yahoo account.

 

[Oakenfold]

I'll run the trendmicro. (Nothing found)
You won't find my password in a dictionary. But it was only 4 characters.
Thanks.

Sounds good! I like to validate with two different A/V's, just to be sure.
4 Characters? My friend it's time for you to get a password manager, check out keepass.
http://keepass.info/
Sucks using any pw manager at first but after a while you will get used to it. Use it to generate strong unique passwords for every site you go to.

Just 1 other thing to add to this discussion:
If you use the same password for multiple websites/accounts, then change them all. Your Yahoo account might not have been hacked directly...some account you have on a much less secure system (unpatched messageboard server/software, for example) may have been compromised, and linked back to your Yahoo account.

Excellent thought seepy!!

 

[SagaLore]

But it was only 4 characters.

You can't be serious...

 

[Dude111]

Your password was probably compromised.

Yes i reckon it was...... A friend of mine on yahoo had his gotton 2 times!!!!!! -- BOTH TIMES HE CHANGED HIS PASSWORD!!

How is this able to be done??

 

[theevilsharpie]

Yes i reckon it was...... A friend of mine on yahoo had his gotton 2 times!!!!!! -- BOTH TIMES HE CHANGED HIS PASSWORD!!

How is this able to be done??

Well, when you use four-character passwords... :whiste:

 

[olds]

4 character password is not the worse thing.
It's been the same password since I opened the account around 1997...
<--- slinks off with tail between legs

 

[bononos]

4 character password is not the worse thing.
It's been the same password since I opened the account around 1997...
<--- slinks off with tail between legs

I'll bet it was your pin number too.

 

[SecurityTheatre]

4 character password is not the worse thing.
It's been the same password since I opened the account around 1997...
<--- slinks off with tail between legs

Woot!!!!!!

Obviously, four characters isn't quite enough, especially if you reuse it and have used it for ages.

Frankly, if you were to simply triple it (write it three times) with some punctuation between each iteration, it would be pretty strong.

1234 is frackin awful

1234%1234!1234? is a pretty decent password, and almost as easy to remember

 

[olds]

I'll bet it was your pin number too.

You'd win...

Woot!!!!!!

Obviously, four characters isn't quite enough, especially if you reuse it and have used it for ages.

Frankly, if you were to simply triple it (write it three times) with some punctuation between each iteration, it would be pretty strong.

1234 is frackin awful

1234%1234!1234? is a pretty decent password, and almost as easy to remember

How about "This&password&sucks!"?

I know I was lax with that password. It's just been the same one forever. No more.

 

[KentState]

Just 1 other thing to add to this discussion:
If you use the same password for multiple websites/accounts, then change them all. Your Yahoo account might not have been hacked directly...some account you have on a much less secure system (unpatched messageboard server/software, for example) may have been compromised, and linked back to your Yahoo account.

That's the big thing right now. A site gets hacked, email and passwords are then used against various other sites. Almost like a house of cards if the hackers are smart enough to complete the entire chain.

 

[Saint Nick]

Woot!!!!!!

Obviously, four characters isn't quite enough, especially if you reuse it and have used it for ages.

Frankly, if you were to simply triple it (write it three times) with some punctuation between each iteration, it would be pretty strong.

1234 is frackin awful

1234%1234!1234? is a pretty decent password, and almost as easy to remember

Too bad every site has different rules so you can't just apply one to all. But honestly that is probably a good thing.

 

[KeithTalent]

This happened to my Gmail account a little while back. All went through my sent mail. I went to the 'details' on my account and it showed someone signed in from Texas, which was the issue. Hit "sign out all other sessions", it killed that session, then I changed my password to something very strong and have been fine ever since.

My password was just a single word, eight letters long, so I guess they use some sort of generator to crack these things? I don't know, very strange.

Most annoying part is getting responses from tonnes of people I had not spoken to in ages asking if they were supposed to open the e-mail. :\

KT

 

[seepy83]

This happened to my Gmail account a little while back. All went through my sent mail. I went to the 'details' on my account and it showed someone signed in from Texas, which was the issue. Hit "sign out all other sessions", it killed that session, then I changed my password to something very strong and have been fine ever since.

My password was just a single word, eight letters long, so I guess they use some sort of generator to crack these things? I don't know, very strange.

Most annoying part is getting responses from tonnes of people I had not spoken to in ages asking if they were supposed to open the e-mail. :\

KT

You should consider enabling Google 2-Step for your gmail account.

 

[KeithTalent]

You should consider enabling Google 2-Step for your gmail account.

I have now actually. Kind of a pain in the ass at times, but probably worth it since that Gmail account is tied to my phone and whatnot now.

KT

 

[notposting]

I have seen several other people's Yahoo accounts get compromised over the years, a friend of mine had his Gmail get compromised from Japan last year.
This week my Yahoo account got accessed from Japan also...luckily one of the contacts was entered incorrectly, so I got the failure response email on my phone within minutes, logged in, changed my (5 digit, probably from 98-99 also) password, and ended up changing my Amazon login also (same password, and I used to have it linked to that email).

No sent mail record though...sneaky bastards.

 

[SagaLore]

Yes i reckon it was...... A friend of mine on yahoo had his gotton 2 times!!!!!! -- BOTH TIMES HE CHANGED HIS PASSWORD!!

How is this able to be done??

Then his machine is probably compromised. Some form of rootkit or bot.

 

[SagaLore]

I have seen several other people's Yahoo accounts get compromised over the years, a friend of mine had his Gmail get compromised from Japan last year.
This week my Yahoo account got accessed from Japan also...luckily one of the contacts was entered incorrectly, so I got the failure response email on my phone within minutes, logged in, changed my (5 digit, probably from 98-99 also) password, and ended up changing my Amazon login also (same password, and I used to have it linked to that email).

No sent mail record though...sneaky bastards.

Your account might not have been compromised at all - your email address may have been harvested elsewhere and just used as a forged sender.

edit: oh nevermind, I re-read it and saw that it had been logged into from japan. oops.

 

[bononos]

......
My password was just a single word, eight letters long, so I guess they use some sort of generator to crack these things? I don't know, very strange.

Most annoying part is getting responses from tonnes of people I had not spoken to in ages asking if they were supposed to open the e-mail. :\

KT

If hotmail's hashes were stolen then crackers can take their time to crack them offline with a brute strength/dictionary attack, in which case your password is vulnerable since its only a single word even if its a very obscure one which can be looked up in a dictionary.

But hotmail does use some sort key lengthening method iirc to make their hashes more secure. I would check pc for malware like keyloggers or maybe you fell for a phished url.

I made a thread earlier about good password lengths and found out that anything under 10 chars is iffy and 16-20 char passphrases should be sufficient until something big happens in the world of cryptography.

 

[alpha88]

As mentioned here numerous times, you need to make new longer passwords.

When you start using longer passwords, it helps to use a password manage. I use KeePass, with my password file stored on SkyDrive and a USB drive attached to my keys. This lets me access it anywhere.

I don't recommend using randomly generated, since they can be harder to type and there are times when you'd like to be able to remember it without using KeyPass.

My general strategy involves using a base password, which I preface with site name and some surrounding symbols.

So if my base password is "P4ssW0rd", then, my anandtech password would be something like: a@#$AnandTech%^&P4ssW0rd

I have a set of protocols on how I format it based on password requirements, so if I'm logging in somewhere, I can always check what their password requirements are to remind myself how to format it (for the case when length or symbols are limited).

I find this strategy to work well as the passwords are unique per site, memorable to myself and I imagine are long and complex enough to provide cryptography security.

 

[OnePingOnly]

As mentioned here numerous times, you need to make new longer passwords.

When you start using longer passwords, it helps to use a password manage. I use KeePass, with my password file stored on SkyDrive and a USB drive attached to my keys. This lets me access it anywhere.

I don't recommend using randomly generated, since they can be harder to type and there are times when you'd like to be able to remember it without using KeyPass.

My general strategy involves using a base password, which I preface with site name and some surrounding symbols.

So if my base password is "P4ssW0rd", then, my anandtech password would be something like: a@#$AnandTech%^&P4ssW0rd

I have a set of protocols on how I format it based on password requirements, so if I'm logging in somewhere, I can always check what their password requirements are to remind myself how to format it (for the case when length or symbols are limited).

I find this strategy to work well as the passwords are unique per site, memorable to myself and I imagine are long and complex enough to provide cryptography security.

Fuckers. My unused Yahoo account was use to send spam this past week. Saw the message failure delivery and quickly changed my password but it was a pain in the ass. My password was pretty hard, too. I had to change the password via AT&T since I merged my Yahoo account with my SBC (now ATT) account nearly 10 years ago. That was a real PITA.

Someone logged in from Argentina but I'm sure they were using a proxy. Had all sorts of personal info in my inbox but deleted everything now.

Yahoo is shit.

 

[lxskllr]

Yahoo is shit.

Seems like Yahoo always has issues. Scams, thefts, and spam. Yahoo brings it all :^S