MobileTechie
Well-Known Member
- Reaction score
- 32
- Location
- UK
3 calls today about BT Internet email hacking. There must be something going on. Anyone else heard about it?
UK - BT/Yahoo email hacked?
- Thread starter MobileTechie
- Start date
Martyn
Well-Known Member
- Reaction score
- 116
- Location
- Bedfordshire UK
I've had a couple in the last 2 weeks.
activeits
Member
- Reaction score
- 15
- Location
- Scarborough
I have had about 7 with the last two weeks. I wish Yahoo could come clean if they have had an issue.
Fixedathome.com
Member
- Reaction score
- 1
- Location
- Nottingham, England
Also had a few of these.
citizensmith
Active Member
- Reaction score
- 111
- Location
- DXB, UAE
Depends on what users call "hacked". They iether have a poor password choice, one of their contacts is randomly recieving spam with spoofed From: email headers, they registered with some crappy site that is now sending spam from "them" to everyone they know. A friend gave away their address on some dumbass "tell a friend" form.
Id' go for the second 3 options.
Id' go for the second 3 options.
PBComputer
Well-Known Member
- Reaction score
- 538
- Location
- Carlisle, Cumbria, UK
I too had a lot of calls, I quizzed BT on this via twitter and they never answered me.
MobileTechie
Well-Known Member
- Reaction score
- 32
- Location
- UK
Its hackers and its not users fault as far as I know.
Martyn
Well-Known Member
- Reaction score
- 116
- Location
- Bedfordshire UK
Yes get a few of those myself purporting to be from family or friends but the email domain is something completely different. I think the ones everyone is talking about they've got into their webmail by obtaining their password. I tell everyone who calls to change their password and try to use a unique one for each site they use. My suggestion is to pick something(domain related) to go with their usual password. Say for instance if they like using P4rr0t1 as the main make up of their password prepend the first and third character of the domain(after the www I say). So btyahoo would be byP4rr0t1, Facebook would be fcP4rr0t1, Twitter would be tiP4rr0t1 and so on. Rarely us IT people's accounts are hacked so I'm sure it's bad practices by the end user. Most users have one password(usually a word and 123) for every site they go on.
Larry Sabo
Well-Known Member
- Reaction score
- 3,401
- Location
- Ottawa, Canada
I recommend using the first letters of a phrase they can easily remember, like
I live at 123 Long Avenue in Mytown, Provincename
which becomes:
Il@123LAiMP
They can write the phrase down to jog their memory, without giving the password away should someone see the phrase.
Edit: I also recommend unique passwords for each site, incorporating part of the domain name into the password.
I live at 123 Long Avenue in Mytown, Provincename
which becomes:
Il@123LAiMP
They can write the phrase down to jog their memory, without giving the password away should someone see the phrase.
Edit: I also recommend unique passwords for each site, incorporating part of the domain name into the password.
Martyn
Well-Known Member
- Reaction score
- 116
- Location
- Bedfordshire UK
Yes a good mix but I just try to emphasis giving a unique one for each site. The problem with having one password no matter how complex is that once they have it, it is game over.
MobileTechie
Well-Known Member
- Reaction score
- 32
- Location
- UK
http://thenextweb.com/insider/2013/...l-users-continue-reporting-hacking-incidents/
http://community.bt.com/t5/Other-BB-Queries/BT-email-accounts-hacked/td-p/796762
It's been going on a while apparently.
The one I went to today had their security answer changed so the hackers could change the password. It was changed to something like "secur!ty c0mpr@mised" or similarly "leet" - a little show-off signature from the hackers I guess.
From what I've read the password length wouldn't have mattered. It's down to Yahoo not patching their system properly.
I'm not really sure the length or complexity of such system's passwords is all that important is it? You get 3 goes before you're locked out so it's not like brute force attacks work unless they capture the hash in which case they've probably compromised the server anyway.
For good password strength, length is king over and above complex and hard to remember passwords:
http://community.bt.com/t5/Other-BB-Queries/BT-email-accounts-hacked/td-p/796762
It's been going on a while apparently.
The one I went to today had their security answer changed so the hackers could change the password. It was changed to something like "secur!ty c0mpr@mised" or similarly "leet" - a little show-off signature from the hackers I guess.
From what I've read the password length wouldn't have mattered. It's down to Yahoo not patching their system properly.
I'm not really sure the length or complexity of such system's passwords is all that important is it? You get 3 goes before you're locked out so it's not like brute force attacks work unless they capture the hash in which case they've probably compromised the server anyway.
For good password strength, length is king over and above complex and hard to remember passwords:
citizensmith
Active Member
- Reaction score
- 111
- Location
- DXB, UAE
BT say that recent email problem caused by Yahoo! who blamed cross-site scripting security bugs, aledgedley patched in january, for a recent upsurge in webmail account takeovers.
story here http://www.theregister.co.uk/2013/03/08/yahoo_webmail_hijack_flare_on/
But thenextweb suggests ongoing problems and support line scams http://thenextweb.com/insider/2013/...l-users-continue-reporting-hacking-incidents/
EDIT:- sorry didn't see that previuos link above ^^^^ from MobileTechie
story here http://www.theregister.co.uk/2013/03/08/yahoo_webmail_hijack_flare_on/
But thenextweb suggests ongoing problems and support line scams http://thenextweb.com/insider/2013/...l-users-continue-reporting-hacking-incidents/
EDIT:- sorry didn't see that previuos link above ^^^^ from MobileTechie
Last edited:
rudger
Member
- Reaction score
- 2
- Location
- Worcestershire, UK
it doesn't help that BT still set new customers up with a default email account password of welcome1 and not force the customer to change the password at 1st login.
3 customers have contacted me thinking they were infected with virus's or spyware over the last couple of weeks all scanned clean and turned out they were still using welcome1 as a password.
3 customers have contacted me thinking they were infected with virus's or spyware over the last couple of weeks all scanned clean and turned out they were still using welcome1 as a password.
- Reaction score
- 3,439
- Location
- Manchester UK
Also to add to the mix here. Just found out today, that O2, have sold their broadband, and phone companies to guess who.. SKY!.
Apparently everything will remain changed, but whats to stop them from saying, right you now need to use a sky email address.. which will obviously go to yahoo.
Apparently everything will remain changed, but whats to stop them from saying, right you now need to use a sky email address.. which will obviously go to yahoo.
Similar threads
