Tuesday, May 17, 2011

How Your E-Mail Account Gets Hacked

From my friend Don, whose Yahoo account also got hacked recently:

The bad guys get a million yahoo.com e-mail addresses. Into those million yahoo addresses, they have a hundred computers that type in one password every hour, 24 hours a day, 7 days a week.

It's not the other way around, where one e-mail account is hit with a million different attempts at a password. Nope: These guys just have their computers chugging along with the 5-to-8-letter/number combinations. Every hour, your e-mail address has a random password typed into it. Yes: Your e-mail address. Don't doubt it.

My e-mail account was on that list of one million addresses, and my old Yahoo password (comprised of lower case letters and digits) at some point came up: that exact combination of letters and numbers that I was using was randomly selected to be tried on a million e-mail accounts, and... well, a little "ding" of success sounded in some dingy office in the suburbs of Moscow when the machines got to my e-mail account.

So, for all of you: I thought my password (8 characters of 4 random lower-case letters and 4 random numbers) was secure. It was not. Chances are, neither is yours. The advice: Change your password to something secure: Use both capital and lowercase letters; stick an # or an & in the middle, stick an ! or a : on the end. And, most importantly, 8 characters minimum. Any less than that and you're asking for it.

Also, if you have the option, you really should not use any large e-mail provider which, after having had 3 or 4 incorrect passwords typed into it, does not raise a red flag of suspicion by either sending out a warning, freezing the account, or taking some other action: You can be certain that the hackers don't bother attacking accounts at those e-mail companies. And, in case you are wondering: What is the least suspicious e-mail provider of them all? Yahoo.
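Seen from the mail provider's side, the pattern Don describes (one guess per account per hour, spread across many accounts) can be looked for in the failed-login log. The following is an added example, not part of the original post; the log records, IP addresses, thresholds and one-hour window are constructed assumptions. It compares a per-account failure counter with a per-source count of distinct accounts.

```python
from collections import defaultdict
from datetime import datetime, timedelta

HOUR = timedelta(hours=1)

def sample_events():
    """Constructed failed-login records: (time, source_ip, account)."""
    t0 = datetime(2011, 5, 17)
    events = []
    # One source makes a single guess per account per hour, as in the post.
    for hour in range(3):
        for n in range(6):
            when = t0 + timedelta(hours=hour, seconds=n)
            events.append((when, "203.0.113.7", f"user{n}"))
    # An ordinary user mistypes their own password four times in two minutes.
    for n in range(4):
        when = t0 + timedelta(minutes=30, seconds=30 * n)
        events.append((when, "198.51.100.20", "alice"))
    return sorted(events)

def max_in_window(rows, window=HOUR):
    """Largest number of distinct values seen inside any sliding window.
    rows is a list of (time, value) pairs."""
    rows = sorted(rows)
    best, start = 0, 0
    for end, (ts, _value) in enumerate(rows):
        while ts - rows[start][0] >= window:
            start += 1
        best = max(best, len({v for _t, v in rows[start:end + 1]}))
    return best

def accounts_over_threshold(events, threshold=4):
    """Per-account counter: accounts with >= threshold failures in one window."""
    per_account = defaultdict(list)
    for i, (ts, _src, account) in enumerate(events):
        per_account[account].append((ts, i))  # i makes every failure distinct
    return {a for a, rows in per_account.items() if max_in_window(rows) >= threshold}

def spraying_sources(events, min_accounts=5):
    """Per-source view: sources failing against >= min_accounts accounts in one window."""
    per_source = defaultdict(list)
    for ts, src, account in events:
        per_source[src].append((ts, account))
    return {s for s, rows in per_source.items() if max_in_window(rows) >= min_accounts}

if __name__ == "__main__":
    log = sample_events()
    print("per-account counter flags:", accounts_over_threshold(log))
    print("per-source spread flags:  ", spraying_sources(log))
```

On this constructed log the per-account counter flags only the user who mistyped a password, while the per-source count flags the address that touched many accounts once each.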

4 comments:

René said...

Hi Jil,

Thanks for this article. Yahoo mail is getting a real problem. I copied a part of your entry in my own blog with a back-link to you. Is this OK?
http://www.silent-gardens.com/blog/index.php?entry=Yahoo-mail-accounts-hacked

Have a nice day.
waebi

René said...

Hi Jil,
thank you for this article. I am a victim on the recipient side.
I copied a part of your article with back-link in my blog. Is this OK?
http://www.silent-gardens.com/blog/index.php?entry=Yahoo-mail-accounts-hacked

Have a nice day
waebi

Mom said...

So - could I have your new e-mail address? I won't let anyone know what it is.

Jil Wrinkle said...

No new e-mail address. Just changed the password.