Wednesday, July 26, 2006

the hacking incident

Here is the full account of the hacking made on my yahoo account.

June 20, 2006, between 3:45PM to 4:00PM, while surfing the net with my yahoo messenger signed in, I was automatically signed out with a message saying that I was logged out because I signed in on another device. I tried signing in again but my password did not work anymore. The hacker already changed my password.

First thing I did was to go to the "Forget Password" page of Yahoo. From there, I input all the necessary details they need. But I got this error message: "You must match the information stored in your Yahoo! account." I tried many times, but to no avail.

Then later, I checked my gmail account, which is fortunately, a registered alternate e-mail address of my Yahoo! account. From there, I found two e-mail messages from Yahoo Services. Here are the e-mail messages.

First e-mail. I will refer to this e-mail as e-mail number 1.
From: Yahoo! Member Services
To: My Gmail Account
Date: Jul 20, 2006
3:39 PM
Subject: Your new requested Yahoo! password. Please reset your
password now.

You recently requested a new password to sign in to your Yahoo! account.

Your new password is: tile409pod171

We encourage you to sign in now and change this password to something you can remember.
Here's what to do:

Sign in here using the automatically generated password above. You will then be prompted to change your password. http://edit.yahoo.com/config/change_pw?.intl=us

Please note: To avoid sign-in problems, please make sure that cookies are enabled
in your browser and that the date and time are set correctly on your system clock.

***************************************************************
You can always change your password by following these steps:

1. Sign in to any Yahoo! service
2. Click on any "Account Info" link
3. Choose "Change Password"

If you cannot find an "Account Info" link, you can sign in to My Yahoo!
(http://my.yahoo.com) and you'll find it in the upper right corner.


[]

Second e-mail. I will refer to this as e-mail number 2.
From: Yahoo
Mailed-By: Yahoo
Reply-To: Yahoo, Yahoo! Member Services
To: My Gmail account
Date: Jul 20, 2006 3:40 PM
Subject: Password
changed

Your Yahoo! ID is: marhgil
Your password for this account has recently been changed. You don't need to do anything, this message is simply a notification to protect the security of your account.

Please note: your new password may take awhile to activate. If it doesn't work on your first try, please try it again later.

DO NOT REPLY TO THIS MESSAGE. For further help or to contact support, please
see http://help.yahoo.com/help/edit/

***************************************************************
You can always change your password by doing the following:

1. Sign in to any Yahoo! service
2. Click on any "Account Info" link
3. Choose "Change Password"

If you cannot find an "Account Info" link, you can sign in to My Yahoo!(http://my.yahoo.com) and you'll find it in the upper right corner.


[216.150.191.2]

My reaction, I thought that somehow, I succeeded in resetting the password, that's why I received these e-mails. So, I tried the password sent to me, but to my dismay, it did not work. Then, I searched Yahoo!, checking why they sent me a new password that did not work. And I got the explanation here. It says there that I need to wait 24 hours.

So, I waited.

July 21. I tried signing in on the morning. Still, I received an invalid username and password message. Then, I tried signing in after lunch, same error message. Then, I tried around 4:00PM. Same error message. That is the time that I told myself that this is not gonna work. 24 hours had passed and still, I can't log-in.

So, I started my investigation again. I have another yahoo account. I tried changing my password there. And I received the same e-mail as e-mail number 2. Hmm, so, that is the e-mail sent by Yahoo everytime someone changes his password. And the IP address [216.150.191.2] is the IP address of the person requesting the change of password. Only then that I realized that..

1. I did not succeed in resetting the password as what I have thought.
2. I received e-mail number 1 because someone reset my password other than me.
3. I received e-mail number 2 because my password was changed by someone other than me.

These are the reasons why after 24 hours, the new password did not work. Because it was already changed by the hacker. And how did the hacker reset my password? Simple! He used the "Forget Password" page. But how? He was able to reset my password because he knows the important information needed in order to reset my password! Only then that I realized that all information needed to reset my password are available on my resume! Even the secret question! See.. these are First Name, Last Name, Zip Code, Country, Province, Birthdate and the secret question, "What is your city of birth?" I did not realize that this one is easy to guess. I should have chosen "What is your pet's name?" Someone must have had a copy of my resume, and tried resetting my password using the details there! And he succeeded! That's why I received email number 1, and then, he changed my password, that's why I received e-mail number 2.

So, what did I do? Realizing that this was what really happened, after searching more on Yahoo, I found this page and selected the "Report an email alerting me of password change I did not make." Yahoo sent me an auto-reply e-mail informing me on how to reset the password. Again?? So, I replied to them telling them that I already tried it but it doesn't work anymore. Maybe, the hacker already changed my personal information. The e-mail also informed me that the original personal information that I entered when I signed-up for a yahoo account were still stored on their database, which means that they can still verify my identity and my claim that my yahoo account was hacked. They asked for this personal information. Well, I know that I entered honestly all my personal information when I signed-up for a Yahoo account, so it was easy for me. Except that I already forgot the Secret Question I chose when I signed up. So, I told them that if they still doubt my identity, they should send me the Secret Question and I will give them my Secret Answer.

I got a reply on July 22 from James of Yahoo Security Center. Now I'm dealing with a real person, not auto-replies from Yahoo. I was able to read the reply on July 25. He gave me the Secret Question, and I easily answered it. Then, later today, July 26, I finally received an e-mail from them informing me that they already reset the password of my account.

That's it. After signing-in, I changed my password and changed some of my personal information. I made sure that this information is not available on my resume or any public documents that I submit to any company or agency.

“Every experience brings out something good. Good times could be good memories. Bad times could be good lessons. You never lose, you only gain from life. It is just a matter of perspective.� - Textmates #31

That's all folks!

Note: E-mail addresses were removed for security purposes. Forgive my English, hindi ako sanay mag-English sa blog! Hahaha!

5 comments:

lheeanne said...

So congratulations!!! ang galing nman nung hacker na un pero mas magaling ka... heheh!!! at tlgang love mo ang account mo kc u spend a lot of time fixing it... saludo ako!

Anonymous said...

insan ko yata yan,
gleng gleng naman!
tuloy ang saya insan!
at naipadala ko na
ang dapat ipadala,
WOOHOOOOOO!!!!!!!!!!

SarubeSan said...

nagiwan ako ng message sa YM mo kako EB kami nung hacker..heheeh..lesson: wag gagamit ng public pc. moblog nalang kayo pag uupdate ng blog..;)

Anonymous said...

wa ako ma-say!

Anonymous said...

Mga dalawang taon na ang nakalipas meron ako na receive na e-mail on how to hack a yahoo or hotmail password. Ang trick is to trick the yahoo system na ang nagrerequest (na hacker) ay admin. Kaya dalawa ang e-mail confirmations na na-receive mo.

Pero noon pa iyon at di ko alam kung possible nga plus malaking company ang YM so malakas din ang security policy nila. Di ko na rin alam kung nasaan yong copy ng e-mail at kung kanino galing.

Pero, kung i se-search mo sa google, "how to hack a YM or Hotmail passwords" meron ka makikita na nag ooffer ng service for a fee to do just that. Pero baka hoax o scam lang ito.

With vemsam's comment, if you will use public internet or even your pc, make sure you clear the cache and content/Personal info after you are done with the net.