Hacking Email Accounts

Curious about how a hacker was able to access Gov. Palin’s email? The account hacked was a personal Yahoo account. This article from MacWorld explains how it was done.

Yahoo offers a method for users to recover a forgotten password. You may recognize the procedure from your own experience. When creating an account, users select a question from a limited set, and that question must be answered before a forgotten password is revealed (in this case, before access to change a password is allowed). If you know the answer to the question, you can gain access. If you select a question that is “researchable”, you are vulnerable. In considering some of the questions, it seemed that the questions I felt most comfortable predicting I could answer consistently (e.g., the mascot of my high school) would be the type of information someone else might be able to locate. I was a Kingsley-Pierson “Panther”.

I investigated my own Yahoo account (I don’t use Yahoo for email, but a Yahoo account is needed for Flickr). I agree with the security assessment – if you know the Yahoo ID and if you selected a question to protect your password requiring information that might be readily available, it would not be that difficult to hack. For example, it might be possible to determine the city in which I was born and it would be more likely if I was a political figure.

As you might guess, I did not use my high school mascot or city of birth as my security question.

You would know that your security had been breached (you might not be able to get back into your account because the password had been changed, or you might receive an email at a second account indicating your password had been changed), but by that time any information you were hiding would be available to others.
