I had an experience today which has really caused me some concern with regard to security. I received a notification from Yahoo stating that one of the email addresses that I do not use was breached, that there was a successful login. My very first thought was that this was a scam trying to get me to click through on the links to get my password.
I opened up a new tab in my browser and manually went to the Yahoo Mail page and opened up my email. Sure enough, it was obvious it had been compromised as there were emails in my Sent folder that I did not send. As a matter of fact, I probably hadn't logged into that email in months.
I'm not so concerned with this email address and I may eventually shut it down, it's basically just a 'portal' to create a Yahoo Messenger account with a little more privacy. The bigger question is how did this breach happen. Now, I will say this, the password that I used for this email was a very standard password that I had used in the past on other sites. However, there would be no way for someone to tie this email account to me, so it's not as if someone knew this password, that they'd be able to associate the password with this email address.
The second thing that I thought of was that maybe I had malware on one of my computers and it had captured the password as I had typed it in and silently emailed it out. However, it's not that either, as I don't use the email address and probably hadn't logged in, in the past few months.
I then thought that maybe it was a brute force attack using software to generate passwords from the dictionary, but I don't think that's it either, as after a certain number of unsuccessful attempts, the account would have been locked.
I come back to this: someone somehow knew not only my password but also the email address, which normally wouldn't be associated with me.
This is more than a bit concerning. I think that I will need to go through my login IDs and clean them up and start taking password security a little more seriously.