[kwlug-disc] OT: Hotmail/Yahoo account breakins

chaslinux at gmail.com chaslinux at gmail.com
Thu Feb 28 07:09:47 EST 2013 

It was indeed Gmail. I suppose it could have been a brute force password attack, my old passsword was less than 10 characters, but did contain a mix of character types.

Once I was notified I changed the password and set up 2 factor authentication. It seems there hasn't been a problem since. 
Blog: http://www.charlesmccolm.com/
www: http://www.rebuild-it.com/
Sent from my cell phone.

-----Original Message-----
From: unsolicited <unsolicited at swiz.ca>
Sender: "kwlug-disc" <kwlug-disc-bounces at kwlug.org>
Date: Thu, 28 Feb 2013 00:22:52 
To: KWLUG discussion<kwlug-disc at kwlug.org>
Reply-To: KWLUG discussion <kwlug-disc at kwlug.org>
Subject: Re: [kwlug-disc] OT: Hotmail/Yahoo account breakins

When it happened to you, this was on your gmail account?

i.e. From prior in the thread, this seems to have been more prevalent 
recently with hotmail / yahoo / rogers. And also from earlier in the 
thread, it is expected that the XSS attack vectors (code) aren't 
precisely the same between providers. So, your message is the first to 
add gmail to the list - if it was your gmail you are talking about here.

Given you sent this via your cell, that seems to be adding Android (I 
presume) to the list of in play current victims? XSS even?

An earlier comment alluded to gmail appearing to be better at spam 
control, is -part- of the solution here to ditch hotmail / yahoo / 
rogers? (Let alone focus on using firefox and associated addons, vs 
other browsers available out there?)

On 13-02-27 10:55 PM, chaslinux at gmail.com wrote:
> I've noticed the same and had people come in asking what to do about
> all the spam they've been getting from friends. (and I too sent out
> some spam a couple of weeks back, likely cross side scripting. Oddly
> only a few contacts got sent spam, not the hundreds in my gmail
> address book)
>
> Much of what I've been seeing is link spam. Blog:
> http://www.charlesmccolm.com/ www: http://www.rebuild-it.com/ Sent
> from my cell phone.
>
> -----Original Message----- From: Rashkae <rashkae at tigershaunt.com>
>
> On 02/27/2013 10:17 PM, John Kerr wrote:
>
>> Is this a bigger problem than anyone inside or outside of Yahoo
>> Hotmail wants to admit to? I ask rhetorically.

So much for rhetorical?

> There has been a really big problem that started about midway last
> week.. Usually, I get one or two people on my client list per year
> with a compromised e-mail account.  But as of last week, just about
> everyone I know with Yahoo (Rogers) accounts has been hit.
>
> One of them didn't even ever use (or know they had) webmail (POP
> only), so it probably wasn't the XSS exploit most people seem to be
> assuming at play.  I've had no luck finding anyone able/willing to
> explain this latest tsunami of compromised e-mail accounts.

_______________________________________________
kwlug-disc mailing list
kwlug-disc at kwlug.org
http://kwlug.org/mailman/listinfo/kwlug-disc_kwlug.org

More information about the kwlug-disc mailing list