-
June 14th, 2004, 09:04 PM
#1
Senior Member
Yahoo email account comprimised by secret question
My girlfriend has had an email account with Yahoo for awhile. Within the past few days we have learned that her ex-husband has been into her account reading and sending emails. How we noticed was the password had been changed by the means of the secret question. She choose, "What is your father's middle name?". Which wasn't really hard for him to type in and get a new password. So there's a good security tip for everyone. Don't choose an easy question that someone could easily figure out, especially if they know you. I choose, "What was your childhood hero?" Heh, I don't remember what I put. Anyways, back to my issue. I searched on Yahoo's site forever looking for an option or link or any info about changing your secret question. Does anyone know if this possible? If so, please post any relevant info and point me in the right direction. I'm hoping the only solution will not be to abandon her email account and create a new one, because it would be an inconvience for an old email account to change accounts everywhere on the web and notify everyone in your address book. If we contacted Yahoo, would they be able or willing to help out in any way? Is there some other solution I'm looking over?
TIA
Speak softly and carry a big stick; you will go far. - Theodore Roosevelt
-
June 14th, 2004, 09:09 PM
#2
-
June 14th, 2004, 09:14 PM
#3
gee,ya think dolemite?lol,jk,but yes choosing an easy question is as deleterious as putting your username as your password.I dont think Yahoo allows you to change your question,they used to have a default list when I checked it last,its been a while though,so I'm not very sure.
Hmmm,and to get the account back you're going to need the password,sure he's changed the question too?pretty ironical if you get the account back like that lol,or you could just inform yahoo,but I doubt they'd listen
-
June 14th, 2004, 09:21 PM
#4
Banned
first your problem, i would contact yahoo if i were you and tell them what happened... check the faq or the link posted above...
as for the whole compromise by secret question 'hack', i tried it once on yahoo mail using the forgot your password form where you need your bate of birth, zip code, and state of residence but couldn't get it... after every 5 tries the account would lock up for about 20-30 mins and i would have to wait, in the end i couldnt get it and gave up on the whole idea =), but im assuming if i had picked a target and researched it wouldnt be that hard to answer a secret question or figure out much of the information needed to reset an account password
-
June 14th, 2004, 09:33 PM
#5
Hi,
Within the past few days we have learned that her ex-husband has been into her account reading and sending emails. How we noticed was the password had been changed by the means of the secret question
How can you be sure? I don't know anything about Yahoo mail, but do you need the secret question to change the password?
What I am wondering is that there might be one of those "loverspy" scumwares at work here? You know the sort of things..............keylogging, forwarding e-mails, password stealing and the like?
What I don't quite understand is why the password was changed, surely that would lock the original user out of the account, AND advertise the security breach, not what one would usually associate with a spying exercise?
Or is this just a crude identity theft/let's p1$$ someone off thing?
I might sound paranoid, but I would still check very thoroughly for trojans, spyware and such..........this could be a smokescreen to lull you into a false sense of security? Like he might have attached a stealthy "nasty" to an e-mail from someone she trusts (he would obviously know them)
The lack of subtlety confuses me, I suggest that you err on the side of caution.
Cheers
Cheers
-
June 14th, 2004, 09:37 PM
#6
I don't mean to sound demeaning, but did you try to take control of the account back?
What I mean is: did you try to enter the previous answer to the secret question - Her father's middle name - to see if the person might not have changed it?
Above ground, vertical, and exchanging gasses.
Now you see me | Now you don't
"Relax, Bender; It was just a dream. There's no such thing as two." ~ Fry
sometimes my computer goes down on me
-
June 14th, 2004, 09:38 PM
#7
Banned
Originally posted here by nihil
How can you be sure? I don't know anything about Yahoo mail, but do you need the secret question to change the password?
Nope, although my 'hack' never worked, I know for a fact that you don't need the secret question to change it, you have to fill out very basic info at the link found below:
http://edit.yahoo.com/config/eval_fo...stepid=&.last=
-
June 14th, 2004, 10:02 PM
#8
Thanks, madjag291,
That does not look very tight to me when you are dealing with "the enemy within"
My approach would be:
1. Thorough check for spyware on the PC
2. Change e-mail account, preferably to a different provider, and only give the info. to people you can trust.
3. Change password and secret question on old account (you don't want to have your ID stolen) or, preferably, ask Yahoo to close it............tell them about the identity theft concern.
It doesn't look as if the secret question was required, unless this was how they got the password in the first place?
And if you managed to get back into the account after the password and secret question were changed, that should tell you enough about the security to go and get another mail service provider.
Just my thoughts
-
June 14th, 2004, 11:14 PM
#9
go and get another mail service provider
and never send the "ex" an email from it..... because they will probably use a similar system for authentication.....
As a note:
When you use "free" email systems that ask you for the "secret" question _never_ _ever_ give the correct answer to the question.... People who know you, and you trust, will be able to guess them..... You may not be able to trust them tomorrow - it's a fact of life, live with it....
It's not hard.... All questions get the same answer.... It's like a backup/secure password....
Q: Your Mother's Maiden Name
A: 2L33t4U
Q: Your First Pet's Name
A: 2L33t4U
etc......
Now, I want to see your "ex" yelling 2L33t4U when the dog runs after the neighbors cat....
Snail mail still has it's uses.....
Don\'t SYN us.... We\'ll SYN you.....
\"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|