Yahoo! Mail Accounts Hacked
Wednesday, June 22, 2011 // by Hacking Beast Editor //
Labels:
annonymus,
Cyber News,
google,
yahoo
//
0
comments
Yahoo! Mail Accounts Hacked
For two days in late May, a maths teacher was inundated with calls from all over the world asking if she had run into trouble in Spain. Zita Loh, 60, who was all the while in Singapore, then learnt that her Yahoo! e-mail account had been hacked.
More than 50 former students and friends had called from as far as the United States, Canada, China, Hong Kong and Indonesia to ask if she was all right. They were responding to an e-mail sent from her Yahoo! account asking for money to be wired to her as she had run into trouble in Spain.
They, and Loh, were victims of the latest Internet scam making its rounds.
The 'stranded-in-Spain' scam hit other Yahoo! Mail users here too, although it is not known how widespread the problem is as Yahoo! declined to reveal how many accounts were compromised, or what the hackers did.
Some affected users said they saw unauthorized entries from overseas like Nigeria and the Philippines through a feature on Yahoo! Mail that tracks recent login activities.
Two weeks ago, Google discovered and disrupted a similar effort to steal hundreds of Gmail passwords and monitor accounts of prominent people around the world, including government officials.
In the latest scam, the contacts of hacked Yahoo! Mail account victims received a two-paragraph e-mail message saying the victim had misplaced his or her wallet in Spain and needed €2,450 for hotel bills and a flight home.
None of Loh's contacts sent money. 'But my cellphone and house phone rang non-stop,' the freelance Math Olympiad teacher said. She was locked out of her Yahoo! account for two days as the hacker had changed her password. But she recovered her account on June 1 after several unsuccessful attempts at resetting the password.
Loh recalled having logged into a public computer in Changi Airport in March to check her e-mail and was unsure if she had logged off.
Fortinet, a security software firm, cautioned users against using public terminals. Keylogging software may be put into public computers by hackers to record keystrokes, including strong passwords, said its senior security strategist Derek Manky. The captured information can then be sent surreptitiously to a remote location. He said it was possible someone could have installed a keylogging software in the public computer at Changi Airport.
A Changi Airport spokesman said the airport takes proactive steps to ensure public computers are secured against malicious software. These include locking the central processing units to prevent tampering and installing up-to-date security programs to detect the presence of such software.
'When using public computers, users should remember to log out from the computer immediately after use. This will prevent another user from gaining access to the data if the session is still active,' the spokesman added.
Passwords might also be leaked through phishing, a practice where users are tricked into revealing sensitive details by a seemingly legitimate e-mail sender, such as a Yahoo! Mail administrator.
Late last month, a 59-year-old housing agent who wanted to be known only as G. C. Lee, was unable to log into her e-mail account for several hours. She only recovered the account a few hours later after resetting the password. As in Loh's case, her friends received e-mail from the compromised account asking for money to be wired to Spain. Luckily, no money was sent. However, her contact list was completely wiped out.
Using a feature that tracks recent login activities, she found that someone had accessed her account from Nigeria and the Philippines.
A Yahoo! spokesman in Singapore urged users to change, and use, stronger passwords with a mix of upper and lower cases as well as numbers if they believed their accounts were compromised.
The Straits Times understands that no one has yet been charged with hacking into the accounts of Singapore users from overseas. The Computer Misuse Act can only be enforced on crime committed in Singapore. Offenders face fines of up to $5,000 and/or jail terms of up to two years
0 comments: