Results 1 to 6 of 6

Thread: @yahoo.com.au --- email address books hacked?

  1. #1
    CoffeeSnobs Owner Andy's Avatar
    Join Date
    Mar 2004
    Location
    Internet
    Posts
    16,600
    Blog Entries
    1

    @yahoo.com.au --- email address books hacked?

    Gene Cafe Coffee Roaster $850 - Free Beans Free Freight
    Hey all,
    I had a tonne of spam email this morning that was coming from real Coffee Snobs member names but fake email addresses and it was CC'd to real people in their address book.

    Guessing from the volume of different names many thousands of Yahoo accounts were hacked or just their Yahoo address books were hacked.

    I suggest that if you use Yahoo.com.au change your password and/or contact Yahoo support for some answers.

  2. #2
    Super Moderator Javaphile's Avatar
    Join Date
    Dec 2004
    Location
    Earth!
    Posts
    15,361
    Doesn't look like my account was used but I changed the password anyways.


    Java "Change!" phile
    Toys! I must have new toys!!!

  3. #3
    CoffeeSnobs Owner Andy's Avatar
    Join Date
    Mar 2004
    Location
    Internet
    Posts
    16,600
    Blog Entries
    1
    Interesting... it was only "com.au" Yahoo accounts that I received spam from not dot com.

  4. #4
    Senior Member flynnaus's Avatar
    Join Date
    May 2008
    Location
    Sydney
    Posts
    4,009
    Could it be some form of brute force spamming where the SMTP address is spoofed and spam is sent to a range of usernames? Or were the SMTP email addresses used by CSers to sign up to Coffee Snobs?

  5. #5
    CoffeeSnobs Owner Andy's Avatar
    Join Date
    Mar 2004
    Location
    Internet
    Posts
    16,600
    Blog Entries
    1
    Nah, neither of those.
    The email isn't coming from their yahoo accounts but is using their name.

    It's tricky to post here without disclosing real information but I'll try.

    Assume there is a CS'r called "John Smith" who uses an email account of johnsmith@yahoo.com.au

    I'm getting junk mail from an account: johnsmith@tninet.se (junk domain but the real yahoo username)

    And it was sent to the following people (me included)

    alanfrew; allan; Amber Kane; andy rumary; andy; ann porter; annemarigold; anthrox; HINDER Miriam John Curtin College of th; AskUs; ben; bethan richards; Leanda; boarding rabbitshop; brianandcarols; brihan; Penny; churchill labs; CLARKE Tenielle John Curtin College of th Arts; coffee

    Unfortunate for me that "andy" is so early in the alphabet!

    So it looks like a real contact list that and all people that have had email from johnsmith@yahoo.com.au in the past and "might" click on the dodgy link included in the email that points to a OPEN.PHP webpage.

    We get tonnes of spam but this is different in that it's using real usernames and their real contact lists... not lists made-up from educated or blind guesses.

    So I have to assume that the at least the Yahoo contact lists were hacked, if not their whole webmail accounts.

    We copped similar from hotmail a few years ago, those email addresses were brute forced and then all their contacts were emailed.

  6. #6
    Senior Member Barry O'Speedwagon's Avatar
    Join Date
    Dec 2011
    Location
    PRL
    Posts
    2,574
    Andy, did the dodgy link purport to be to a document that came from a printer/scanner? Just asking as we had a bunch of stuff hit today of this nature.



Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •