Skip to content

Webmail login leaks (Google, Yahoo, Hotmail, Mail.ru)

Featured Replies

Wonderful, do you KNOW how many gmail accounts I run??

Just buy the data and find out if you're nailed. He's only charging 75p apparently

Just buy the data and find out if you're nailed. He's only charging 75p apparently

 

A couple of sources "suggest" it might not be genuine; I might wait to see if gmail issue an advisory.

  • Author

Wonderful, do you KNOW how many gmail accounts I run??

I'd have thought you'd have 2step enabled?

About a month ago I received around 40 texts from Google with reset codes. Clearly someone was trying to get into my account and couldn't get passed the 2step verification.

Which is surprising as my password is quite long, and contains enough letters, numbers & punctuation symbols to be pretty secure I would have thought - especially as it's only used for Google.

I do.

 

It is more likely something has been hacked; do you use the account via a mobile phone??

  • Author

I do.

It is more likely something has been hacked; do you use the account via a mobile phone??

Yes, it's android ;)

All my devices are logged in, so this was someone else trying to get in.

Yes, it's android ;)

All my devices are logged in, so this was someone else trying to get in.

 

I seem to remember reading recently,  about a big back door in all versions of Android; it could be someone managed to remotely access your phone and steal your log in details; I would check and change any other log ins you do from your phone as a precaution.

  • Author

I seem to remember reading recently, about a big back door in all versions of Android; it could be someone managed to remotely access your phone and steal your log in details; I would check and change any other log ins you do from your phone as a precaution.

Doesn't affect Marshmallow.

Besides I have an app to scan for malicious stuff. My phone hasn't been accessed remotely (which would require a rogue app).

Doesn't affect Marshmallow.

Besides I have an app to scan for malicious stuff. My phone hasn't been accessed remotely (which would require a rogue app).

 

Report I read (on El Reg I think), said it affected all version of Android.

 

Do you leave BT* switched on?? It can be used for a remote hack, ditto a fake Wifi hotspot can be set up to steal log in details; that is why I asked about a mobile - it is much easier to steal data from than a home PC or from the email server.

 

* A LOT of devices still use a hard wired 0000 or 1111 for BT password; insane!!!

If this is real it's too big a hack to have come from stealing individual credentials via BT it will have been a hit on a big DB server.

 

It may well be that this skiddy has just aggregated a bunch of Pastebin data, changed the dates on things and is trying to get some kudos.

 

I'm certainly not seeing any panic on official channels.

Edited by Aspman

  • Author

Report I read (on El Reg I think), said it affected all version of Android.

Do you leave BT* switched on?? It can be used for a remote hack, ditto a fake Wifi hotspot can be set up to steal log in details; that is why I asked about a mobile - it is much easier to steal data from than a home PC or from the email server.

* A LOT of devices still use a hard wired 0000 or 1111 for BT password; insane!!!

It's none of this.

It's none of this.

 

Ok

 

But any of the above are more likely than someone guessing your password.

I spotted the article and like others saw it as a story for slow news days. Then I got something from a Google account, and then the fun began. I've two Yahoo accounts( and the report mentioned Google/Yahoo and another provider) ,with Swimbo having another, and all use one of mine as a reset address. Good old Yahoo, lived up to it's reputation. I changed all three pass words and then mail passwords on the PC.

Tried a mail logon- password not right, on two, and certainly did not match my Notepad record, which I'd copied & pasted  .Then tried a password reset using reset address. Fortunately I could access the reset address on line. Approx 1.5 hours later ,I could access all three accounts from Windows Mail on PC. Only another three to go. Strange how ISP like Totalserve ( AKA Madasafish) never get these hacking problems.

I spotted the article and like others saw it as a story for slow news days. Then I got something from a Google account, and then the fun began. I've two Yahoo accounts( and the report mentioned Google/Yahoo and another provider) ,with Swimbo having another, and all use one of mine as a reset address. Good old Yahoo, lived up to it's reputation. I changed all three pass words and then mail passwords on the PC.

Tried a mail logon- password not right, on two, and certainly did not match my Notepad record, which I'd copied & pasted  .Then tried a password reset using reset address. Fortunately I could access the reset address on line. Approx 1.5 hours later ,I could access all three accounts from Windows Mail on PC. Only another three to go. Strange how ISP like Totalserve ( AKA Madasafish) never get these hacking problems.

 

Or maybe they do, but dont tell you.

 

Anyone else get a Kiddcare email yesterday?? This hack might explain a few of the highly detailed email scam letter people have reported over the last few months.

 

The hack occurred over 6 months ago, yet they only tell people now........

  • 4 months later...

Yahoo attack worse than first thought

http://www.bbc.co.uk/news/world-us-canada-37447016

If you didn't, time to change those passwords....

 

The courts should throw the book at them; they were flatly denying ANY hack for months, then claimed it was only minor for LONG after every remaining Yahoo account holder on the planet had had their account hacked.

 

Mine was hacked, not that it mattered, I had only used it for forwarding mail to another account, and hadnt actually logged in for over 10 years, so the password was completely different to any I run now.

Yahoo attack worse than first thought

http://www.bbc.co.uk/news/world-us-canada-37447016

If you didn't, time to change those passwords....

 

2yr ago.

 

Sits patiently to wait on explanation as to why Yahoo didn't notice for 2yr or knew and didn't say.

 

NnoGhN1.gif

 

Either way probably the end for Yahoo.

  • Author

Still amazes me the number of people who use the same password on multiple sites. Then wonder why they're hacked.

My email has had 2 step verification for a number of years, and now so does various other things like Facebook.

Cousin had her bank cleared a while back out because she used the same password for her email and icloud so they were able to nab all her passwords and reset her bank accounts whilst she slept. Then for fun sent remote wipe using the lost device feature to all her apple devices before wiping her icloud backups.

Hi all

the one thing I would recommend is to use one of the many small independent mail providers.

most push their available web space for your web page, but the majority have secure mail servers as well.

I have my own domain name which I can move should I not be happy with their service, but if you are worried about

mail security, its better to use a small provider .

Hackers love yahoo, google ect, as when they get in they can harvest thousands of accounts. 

Also when a smaller provider gets hacked they dont try to cover it up, its sorted quickly

Just my opinion, and nothing financial to gain from it

Richard

2yr ago.

Sits patiently to wait on explanation as to why Yahoo didn't notice for 2yr or knew and didn't say.

NnoGhN1.gif

Either way probably the end for Yahoo.

They're owned by verizon now who are renowned for not giving a crap about their customers.

Still amazes me the number of people who use the same password on multiple sites. Then wonder why they're hacked.

.

 

I use a password manager. Currently it has 40 entries. Good luck to anyone trying to remember 40+ separate passwords.

 

Passwords are a dated idea but until something better comes along best to advise people to use a password manager.

 

Although if you use a cloud one and it gets hacked you're proper ****ed.

I use a password manager. Currently it has 40 entries. Good luck to anyone trying to remember 40+ separate passwords.

 

Passwords are a dated idea but until something better comes along best to advise people to use a password manager.

 

Although if you use a cloud one and it gets hacked you're proper ******.

Win 10 asked me tome up with a PIN rather than a password. Nobody'll ever suspect it being 123456 will they?

Win 10 asked me tome up with a PIN rather than a password. Nobody'll ever suspect it being 123456 will they?

 

123456

 

Wot do you work for MI6 or summit

 

1234 for the masses!

Create an account or sign in to comment

Recently Browsing 0

  • No registered users viewing this page.

Important Information

Welcome to BRISKODA. Please note the following important links Terms of Use. We have a comprehensive Privacy Policy. We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

Account

Navigation

Configure browser push notifications

Chrome (Android)
  1. Tap the lock icon next to the address bar.
  2. Tap Permissions → Notifications.
  3. Adjust your preference.
Chrome (Desktop)
  1. Click the padlock icon in the address bar.
  2. Select Site settings.
  3. Find Notifications and adjust your preference.