Tuesday, May 17, 2011

How Your E-Mail Account Gets Hacked

From my friend Don, whose Yahoo account also got hacked recently:

The bad guys get a million yahoo.com e-mail addresses. Into those million yahoo addresses, they have a hundred computers that type in one password every hour, 24 hours a day, 7 days a week.

It's not the other way around, where one e-mail account is hit with a million different attempts at a password. Nope: These guys just have their computers chugging along with the 5-to-8-letter/number combinations. Every hour, your e-mail address has a random password typed into it. Yes: Your e-mail address. Don't doubt it.

My e-mail account was on that list of one million addresses, and my old Yahoo password (comprised of lower case letters and digits) at some point came up: that exact combination of letters and numbers that I was using was randomly selected to be tried on a million e-mail accounts, and... well, a little "ding" of success sounded in some dingy office in the suburbs of Moscow when the machines got to my e-mail account.

So, for all of you: I thought my password (8 characters of 4 random lower-case letters and 4 random numbers) was secure. It was not. Chances are, neither is yours. The advice: Change your password to something secure: Use both capital and lowercase letters; stick an # or an & in the middle, stick an ! or a : on the end. And, most importantly, 8 characters minimum. Any less than that and you're asking for it.

Also, if you have the option, you really should not use any large e-mail provider which, after having had 3 or 4 incorrect passwords typed into it, does not raise a red flag of suspicion by either sending out a warning, freezing the account, or taking some other action: You can be certain that the hackers don't bother attacking accounts at those e-mail companies. And, in case you are wondering: What is the least suspicious e-mail provider of them all? Yahoo.
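An added example, not part of Don's account or the original post: a Python check showing why a per-account lockout after 3 or 4 wrong passwords never trips on the one-guess-per-hour pattern described above, while counting distinct accounts per source does. The log format, IP addresses, account names, thresholds and the single attacking source are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

def build_sample_log():
    """Constructed events: (timestamp, source IP, account, outcome)."""
    start = datetime(2011, 5, 17)
    events = []
    for hour in range(3):            # one guess per account per hour
        for n in range(50):          # 50 accounts stand in for the million
            events.append((start + timedelta(hours=hour, seconds=n),
                           "198.51.100.7", f"user{n}@example.com", "FAIL"))
    for s in range(4):               # a real user mistyping four times
        events.append((start + timedelta(minutes=5, seconds=s),
                       "203.0.113.20", "alice@example.com", "FAIL"))
    return sorted(events)

def _failures_by(events, key_index, value_index):
    """Group failed logins by one field, keeping (timestamp, other field)."""
    grouped = defaultdict(list)
    for ev in events:
        if ev[3] == "FAIL":
            grouped[ev[key_index]].append((ev[0], ev[value_index]))
    return grouped

def per_account_lockouts(events, threshold=4, window=timedelta(minutes=10)):
    """Accounts with >= threshold failures inside one sliding window."""
    locked = set()
    for account, fails in _failures_by(events, 2, 1).items():
        lo = 0
        for hi, (ts, _src) in enumerate(fails):
            while ts - fails[lo][0] > window:
                lo += 1
            if hi - lo + 1 >= threshold:
                locked.add(account)
    return locked

def spray_sources(events, min_accounts=20, window=timedelta(hours=1)):
    """Sources that fail against >= min_accounts distinct accounts in a window."""
    flagged = set()
    for src, fails in _failures_by(events, 1, 2).items():
        lo = 0
        for hi, (ts, _acct) in enumerate(fails):
            while ts - fails[lo][0] > window:
                lo += 1
            if len({acct for _t, acct in fails[lo:hi + 1]}) >= min_accounts:
                flagged.add(src)
                break
    return flagged

if __name__ == "__main__":
    log = build_sample_log()
    print(per_account_lockouts(log), spray_sources(log))
```

When the attempts are spread over many machines, the same distinct-account count can be taken across all sources together instead of per IP.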

4 comments:

  1. Hi Jil,

    Thanks for this article. Yahoo mail is becoming a real problem. I copied a part of your entry in my own blog with a back-link to you. Is this OK?
    http://www.silent-gardens.com/blog/index.php?entry=Yahoo-mail-accounts-hacked

    Have a nice day.
    waebi

  2. Hi Jil,
    thank you for this article. I am a victim on the recipient side.
    I copied a part of your article with back-link in my blog. Is this OK?
    http://www.silent-gardens.com/blog/index.php?entry=Yahoo-mail-accounts-hacked

    Have a nice day
    waebi

  3. So - could I have your new e-mail address? I won't let anyone know what it is.

  4. No new e-mail address. Just changed the password.
