cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted
jazznorthwest
Aspiring Contributor
913 Views
Message 671 of 990

Re: BT email accounts hacked

Having been on the receiving end of several hacked accounts, I can say that Hotmail is slightly ahead on the hacked accounts front, and I have always assumed this problem was down to poor passwords.  I myself have been severely affected from a different aspect as a genuine user, presumably because of the changes not identified in the amended terms and conditions.  I am trying to send out about 360 genuine emails to registered accounts on my web site.  The first problem I encountered was that the server started to reject my emails once I sent 200, and I couldn’t send any more for an hour.  A call to BT confirmed that this was to prevent spamming.  OK I got round that as I have two BT email addresses and so I split the load. Then followed the real torment. I would find next day that both my email accounts were locked out!  I had to access via webmail and was forced to change my password. This meant the passwords had to be changed on my phone, tablet, laptop, iPod, and for access to Yahoo Messenger and BT Openzone.

 

I would have thought that as my bulk mail program logged in securely with the correct name and password for each email that it wouldn’t have been identified as “Unusual Activity” but that’s why it was locked out. I rang BT and was told, “You need to change your security question”, although I couldn’t see why that should make any difference, but I tried it.  Of course it made no difference. Next phone call I’m advised that I have to disconnect every 50 emails, and remake the connection. I ask how long  between these events and am told I can re-connect straight away. I had set a 5 second wait every 25 emails, but was told that was not sufficient. When I came off the phone and checked my software, I discovered that not only did it wait 5 seconds every 25 emails, but it automatically disconnected and reconnected 5 seconds later, so, so much for that suggestion.

 

To add insult to injury, I am paying BT to host my web site, and now I am prevented from sending out legitimate emails to support it.

 

Fred

0 Ratings
Reply
885 Views
Message 672 of 990

Re: BT email accounts hacked

@woodmj wrote:
Does posting here report it to BT? I assume there's no point ringing up about it?

 


Mod SeanD said on p 65
We are reading all your comments and using this to help us with the on-going investigation.

............

 

We’re also continuing to work with Yahoo to investigate the issue, including passing on this feedback. .......

 

From the forum, we have been monitoring the issues that our customers have been raising .........

 

That's 3 times he said that in one post, so does that make it 3 times more likely that they really are reporting back and that techies somwehere are analysing ALL the data reported here as thoroughly as the expert forum contributors?

 

he doesn't make it clear just who "we" is, and where the analysing and interpreting is taking place.

 

We have not responded to speculation or rumour whilst the investigation continues but will share updates as we have them.

 

What a poor reflection on BT that there is still speculation and rumour. If BT had shown some duty of care months ago, maybe there would be none of that, just facts, and a solution.

 

Here's more "speculation and rumour" from another forum:

The hacks are done by hijacking Yahoo cookies (and always, as I understand it, from HIM visiting a dodgy website). Once logged in with his Yahoo profile using the cookie they would have access to ALL these webmail accounts and not needing to know the actual password.


Pass that on please Sean, and please tell us what Bruce Schneier, BTs Chief Security Technology Officer, makes of that. That would explain the repeat hacks despite p/w change that have been reported here

 

 

0 Ratings
Reply
drsox
Contributor
869 Views
Message 673 of 990

Re: BT email accounts hacked

I have to say that the volume of it and how the mobile client seems to be the first login in almost every case makes me think it is also something stupid like an authentication token collission problem.

I'd take a guess that the mobile client or website uses authentication session hashes that can be easily collided with.. hackers just spam requests to Yahoo with random hashes and see if they get in... maybe the mobile API doesn't have a "tries" limit and once they get in they just copy the cookie to a desktop computer and start spamming.

 

Wish Yahoo were being more open about it and were explaining what was going on. Maybe they don't even know?

Tom - Mouselike
0 Ratings
Reply
srm9861
Contributor
811 Views
Message 674 of 990

Re: BT email accounts hacked

If you were to Google for 'Yahoo hacked' the only recent stories are by Yahoo news about other companies being hacked.

 

PERHAPS THEY SHOULD LOOK A LITTLE CLOSER TO HOME.

 

http://www.ehackingnews.com/search?q=yahoo&x=0&y=0

0 Ratings
Reply
Distinguished Sage
Distinguished Sage
804 Views
Message 675 of 990

Re: BT email accounts hacked

Just found that my btinternet.com account was hacked this morning at 7.15am from Russia on Yahoo Mobile. The email sent was  ........wildspirit.sk/wp-content/plugins/akismet/Obesity.php?125...... 

 

So much for Yahoo sorting this out.

 

 

EDIT: I had only one contact in my contacts and this was there so that if my account was hacked it would send to that address which it did and thus alert me that the account had been hacked. On checking the hacked account there was NOTHING in the sent emails box.

0 Ratings
Reply
Distinguished Sage
Distinguished Sage
774 Views
Message 676 of 990

Re: BT email accounts hacked

On a lighter note, Maybe the hacker is trying to help out Yahoo customers. If he hacks our accounts at least once every 150 days it will save us falling foul of Yahoo's new Terms & Conditions !!

0 Ratings
Reply
Taffy078
Expert
762 Views
Message 677 of 990

Re: BT email accounts hacked

Very funny gg30340!! We need some humour - this really is a pain in the proverbials, and very frustrating
0 Ratings
Reply
Distinguished Guru
655 Views
Message 678 of 990

Re: BT email accounts hacked


@FloFosterJenkins wrote:
@woodmj wrote:
Does posting here report it to BT? I assume there's no point ringing up about it?

 


Mod SeanD said on p 65
We are reading all your comments and using this to help us with the on-going investigation.

............

 

We’re also continuing to work with Yahoo to investigate the issue, including passing on this feedback. .......

 

From the forum, we have been monitoring the issues that our customers have been raising .........

 

That's 3 times he said that in one post, so does that make it 3 times more likely that they really are reporting back and that techies somwehere are analysing ALL the data reported here as thoroughly as the expert forum contributors?

 

he doesn't make it clear just who "we" is, and where the analysing and interpreting is taking place.

 

We have not responded to speculation or rumour whilst the investigation continues but will share updates as we have them.

 

What a poor reflection on BT that there is still speculation and rumour. If BT had shown some duty of care months ago, maybe there would be none of that, just facts, and a solution.

 

Here's more "speculation and rumour" from another forum:

The hacks are done by hijacking Yahoo cookies (and always, as I understand it, from HIM visiting a dodgy website). Once logged in with his Yahoo profile using the cookie they would have access to ALL these webmail accounts and not needing to know the actual password.


Pass that on please Sean, and please tell us what Bruce Schneier, BTs Chief Security Technology Officer, makes of that. That would explain the repeat hacks despite p/w change that have been reported here

 

 


Hi.

 

As already mentioned in this thread, the item in red above is not the method used in this - as it relies totally on all the people clicking poisened links, which just isn't the case. It also means that everyone has used a Yahoo! login, which again isn't true.

 

What forum was this posted in ?

 

There have been hacks done by that method.

 

Again I repost the idea that everyone hacked has something in common, including general Yahoo mail users - however what is that commonality ?

0 Ratings
Reply
Distinguished Guru
652 Views
Message 679 of 990

Re: BT email accounts hacked


@Taffy078 wrote:

Re my reference just now to page 25 of this topic, to go to a specific page I change the page number shown at the top of my screen to the page I'm looking for - this works but is there any other way?


I've read the NZ attacks, and all of this thread - but the recent attack against BTYahoo! and Yahoo! in general isn't the same, and that relied on users clicking poisened links etc - all using a Yahoo! login. That just isn't the case here.

 

To link to a specific post, just click on the message number in the thread, and then that can be used as a link.

0 Ratings
Reply
Taffy078
Expert
524 Views
Message 680 of 990

Re: BT email accounts hacked

I posted on ‎11-05-2013 7h23, referring to the (highbrow technical) NZ article. Shortly afterwards, someone (a newcomer?), replied that what happened then was entirely different to what is happening now. He/she definitely said that ‘our’ incidents were caused by users clicking on a ‘poisoned link.

 

I thought at the time that that was complete nonsense – some who’ve posted here cancelled their BY email account years ago so I decided to reply this morning to ask him/her for evidenve backing up the claim. I also wanted to ask the author if he/she is a BT employee.

 

I’m puzzled – I can’t find that post now. Did I dream it up? Or has it been removed? Did anyone else see it?  Smiley Frustrated

0 Ratings
Reply