Yahoo email account comprimised by secret question
Results 1 to 9 of 9

Thread: Yahoo email account comprimised by secret question

  1. #1
    Senior Member
    Join Date
    Nov 2001
    Posts
    108

    Yahoo email account comprimised by secret question

    My girlfriend has had an email account with Yahoo for awhile. Within the past few days we have learned that her ex-husband has been into her account reading and sending emails. How we noticed was the password had been changed by the means of the secret question. She choose, "What is your father's middle name?". Which wasn't really hard for him to type in and get a new password. So there's a good security tip for everyone. Don't choose an easy question that someone could easily figure out, especially if they know you. I choose, "What was your childhood hero?" Heh, I don't remember what I put. Anyways, back to my issue. I searched on Yahoo's site forever looking for an option or link or any info about changing your secret question. Does anyone know if this possible? If so, please post any relevant info and point me in the right direction. I'm hoping the only solution will not be to abandon her email account and create a new one, because it would be an inconvience for an old email account to change accounts everywhere on the web and notify everyone in your address book. If we contacted Yahoo, would they be able or willing to help out in any way? Is there some other solution I'm looking over?

    TIA
    Speak softly and carry a big stick; you will go far. - Theodore Roosevelt

  2. #2
    I'd rather be fishing DjM's Avatar
    Join Date
    Aug 2001
    Location
    The Great White North
    Posts
    1,867
    DjM

  3. #3
    Senior Member therenegade's Avatar
    Join Date
    Apr 2003
    Posts
    400
    gee,ya think dolemite?lol,jk,but yes choosing an easy question is as deleterious as putting your username as your password.I dont think Yahoo allows you to change your question,they used to have a default list when I checked it last,its been a while though,so I'm not very sure.
    Hmmm,and to get the account back you're going to need the password,sure he's changed the question too?pretty ironical if you get the account back like that lol,or you could just inform yahoo,but I doubt they'd listen

  4. #4
    first your problem, i would contact yahoo if i were you and tell them what happened... check the faq or the link posted above...

    as for the whole compromise by secret question 'hack', i tried it once on yahoo mail using the forgot your password form where you need your bate of birth, zip code, and state of residence but couldn't get it... after every 5 tries the account would lock up for about 20-30 mins and i would have to wait, in the end i couldnt get it and gave up on the whole idea =), but im assuming if i had picked a target and researched it wouldnt be that hard to answer a secret question or figure out much of the information needed to reset an account password

  5. #5
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Hi,

    Within the past few days we have learned that her ex-husband has been into her account reading and sending emails. How we noticed was the password had been changed by the means of the secret question
    How can you be sure? I don't know anything about Yahoo mail, but do you need the secret question to change the password?

    What I am wondering is that there might be one of those "loverspy" scumwares at work here? You know the sort of things..............keylogging, forwarding e-mails, password stealing and the like?

    What I don't quite understand is why the password was changed, surely that would lock the original user out of the account, AND advertise the security breach, not what one would usually associate with a spying exercise?

    Or is this just a crude identity theft/let's p1$$ someone off thing?

    I might sound paranoid, but I would still check very thoroughly for trojans, spyware and such..........this could be a smokescreen to lull you into a false sense of security? Like he might have attached a stealthy "nasty" to an e-mail from someone she trusts (he would obviously know them)

    The lack of subtlety confuses me, I suggest that you err on the side of caution.

    Cheers

    Cheers
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  6. #6
    BS, EnCE, ACE, Cellebrite 11001001's Avatar
    Join Date
    Mar 2002
    Location
    Just West of Beantown, though nobody from Beantown actually calls it "Beantown."
    Posts
    1,228
    I don't mean to sound demeaning, but did you try to take control of the account back?

    What I mean is: did you try to enter the previous answer to the secret question - Her father's middle name - to see if the person might not have changed it?
    That's Officer 11001001 to you...
    Now you see me | Now you don't
    "Relax, Bender; It was just a dream. There's no such thing as two." ~ Fry
    sometimes my computer goes down on me

  7. #7
    Originally posted here by nihil
    How can you be sure? I don't know anything about Yahoo mail, but do you need the secret question to change the password?
    Nope, although my 'hack' never worked, I know for a fact that you don't need the secret question to change it, you have to fill out very basic info at the link found below:

    http://edit.yahoo.com/config/eval_fo...stepid=&.last=

  8. #8
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Thanks, madjag291,

    That does not look very tight to me when you are dealing with "the enemy within"

    My approach would be:

    1. Thorough check for spyware on the PC
    2. Change e-mail account, preferably to a different provider, and only give the info. to people you can trust.
    3. Change password and secret question on old account (you don't want to have your ID stolen) or, preferably, ask Yahoo to close it............tell them about the identity theft concern.

    It doesn't look as if the secret question was required, unless this was how they got the password in the first place?

    And if you managed to get back into the account after the password and secret question were changed, that should tell you enough about the security to go and get another mail service provider.

    Just my thoughts
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  9. #9
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    go and get another mail service provider
    and never send the "ex" an email from it..... because they will probably use a similar system for authentication.....

    As a note:

    When you use "free" email systems that ask you for the "secret" question _never_ _ever_ give the correct answer to the question.... People who know you, and you trust, will be able to guess them..... You may not be able to trust them tomorrow - it's a fact of life, live with it....

    It's not hard.... All questions get the same answer.... It's like a backup/secure password....

    Q: Your Mother's Maiden Name
    A: 2L33t4U

    Q: Your First Pet's Name
    A: 2L33t4U

    etc......

    Now, I want to see your "ex" yelling 2L33t4U when the dog runs after the neighbors cat....

    Snail mail still has it's uses.....
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides