Pond Boss Forums GENERAL QUESTIONS Pond Boss Getting Hacked - Again!

Well, it happened again. My Yahoo! e-mail account was hacked. I know that many of my Pond Boss friends probably got strange e-mails. Somehow, I was able to sign in to my account four times last night -- twice from Spain, and twice from Malaysia. I don't remember being in either place, but oh well! It is crazy how Yahoo security allowed me to be logged in from three different countries at the same time.

I also find it amazing how many similar messages from "new members" show up overnight on the Pond Boss site, for everything from watches and purses, to . . . I guess there is money in it somewhere.

Anyway, just a public apology, if you got one of the e-mails. This one wasn't quite as traumatic as the last one, where I supposedly had been mugged in London, and you were requested to send ransom money. (I didn't get a penny, and neither did the muggers -- some friends!)

Ken


Yesterday
10:28 PM Yahoo! Mobile Logged In Spain
10:28 PM Yahoo! Mobile Logged In Spain
10:28 PM Yahoo! Mobile Logged In Malaysia
10:28 PM Yahoo! Mobile Logged In Malaysia
10:19 PM Browser Mail Access WV, US

Sorry to hear that Ken, changing email is such a pain!

Does there seem to be any commonality about the hacks? In other words was it Yahoo both times? Are you using public places to check email? Are you typing in your email account number and password over a public internet access?

I wondered why you cared if I had asthma.

Ken:

No I don't need any blue pills. Oh Wait, I'll call you.

just keep 'em away from Sunil....plays havoc with his asthma

If it wasn't such a pain to clean up the mess, it would be humorous.

As for the hacks, I find that it is a really pretty common occurrence, especially with Yahoo. They are even a heck of a lot more common than even amoebae attacks. I check in all over the place, and that may be part of the problem. I check my e-mail on my cell phone's "mobile Yahoo." I do the same with my Kindle. I have a mobile "hotspot." I spend a lot of time traveling, where I'm subjected to the wireless in the motels.

Hopefully, the little blue pills will protect Sunil's asthma in his pond. Oh, and in Pennsylvania, just a short cast from Sunil's pond, they had to close a lake last week. Health Issues at Lake Near Sunil's

Ken, I get those "save me, stranded in Europe" emails from "friends" relatively frqeuently. Maybe even one per month? Anyway, I know to ignore them, and that I am not deserting you in a foreign nation. :-)
It happens a lot with .edu email addresses, so I suspect that Yahoo is not the only service with problems.

Same thing happened to me.. Email Compromised happens atleast once a year..

I remember the old days when I use to get "Letters" in the mail from some far away land promising me of untold fortunes if I just helped them out and "Snail Mailed" all of my contact and bank info

Use to get letters from the FBI also. One of them was actually "The Real Deal" Bought some software on ebay, and it turned out to be bogus. Had to fill out a Q&A form and talk on the phone with a couple of investigators in Chi-Town. I had to make myself available as a witness, and they shoved me in some sort of victim program.

A couple years later, I get a letter in the mail from the FBI thanking me for my cooperation, and that the case was dropped!

Turns out the software was legit, but I am out my money, plus the software!

I'll never forget the guy's name on the Indictment.

Back to emails. Got about a dozen or so ema's, and never been hacked. Must of been something you did, or did not know what you were doing. I did however, see one site that automatically scanned one of my email accounts contact info and wanted me to add it to their site. I have slow enough internet, and am slow myself after work, but read the junk before I click OK.

Ken (and All take note), change your password and use a strong password. LOLSEC posted a lot (millions and millons) of passwords this summer. The script kiddies are using these lists to hack email accounts. From now on use at least 8 characters minimum (10 - 15 is way better) use upper and lower case letters, at least one number and at least one special character (!@#$%^&*()_-+=) if allowed by the sight.

Welcome to the internet. The old days are over wether we like it or not.

PM me if you need to know more. I may be new to ponds, but I am an expert on this one.

You are correct on the password strength. We recommend passwords be changed to something that contains at least 1 Capital letter, 6 numeric and enough lower case letters and/or special characters to get you out to a length of 11 or more characters. Changing at least one character in your password every 30 days is also a good idea.

As an example: T246870linus~
linus is sunil spelled backwards..

I'm "Linus" on an alternate, bizzaro Pond Management Website.

My PB password is only 6 characters.

I would like to see someone log in, in my name and post something! (other than someone on the other end of the server)

Yeah, a neighbor buried a 6000 gallon plastic tank as an auxiliary living/survival quarters, because, the world is supposed to end this December.

Figure out my password! Heck, I barely know it!

WOW! I never noticed that before. Sort of the whole Live - Evil thing going on there. And remember Kaerf is Freak spelled backwords.

Are you serious Dwight? I have a password like that at work to log into the NCIC system. By the time I am logged in, I am ready to launch the keyboard into next week.

I work for a REALLY BIG AND IMPORTANT company -- at least that is what we are led to believe. Security says we aren't supposed to write down or record our user names and passwords. I looked at my three Post-It note list today -- thirty-one separate accounts, each with different user names and/or passwords. On all of the accounts, we get between three and five tries, even if we only access the account annually. If we get locked out, we have to deal with a condescending somebody in a far away country to reset our account. What a pain in the ...

I'm going fishing.

Ken, I know the feeling. We had to change our password every 30 days, and you couldn't use a letter or character in the same position that you did for the previous 12 months. You don't know how many times I was ready to call IT over (they were in the next building) to set my password.

Post-it notes were/are under everybody's keyboard - same rules as your place.

Usually nobody "gets hacked".
In most cases it has logical explanations that might be invisible in the first time. Many kids give their passwords to their friends and - what the heck - their WOW account "has been hacked". OK, seems like it won't be your case.
Keyloggers might be a nightmare for anyone (and don't think that antivirus software can stop them - not really ). Just log in your mail from not your computer and it can record everything you typed. Easy.
Some people log in and check "remember me" or simply forget to log out.

There can be many other explanations, so maybe start deeper thinking what did you do some days before "your account got hacked" and maybe you will remember something suspicious.
Yahoo is a very large company and I suppose that they think about their security very much. They would notice that, for example, brute force attack is going on...