Special offer
Home > Blogs > Mike Carlier > Mike Carlier's blog
bookmark_border

YAHOO address book accessed by bad guys

By
Industry Observer

On August 30, my YAHOO address book was accessed and all addresses received a promotional email from a Chinese site.  The emails were the usual, a personal note from "me" urging the recipient to go to this wonderful site and buy everything cheap. 

My YAHOO address book has been sitting in the account for years, and many of the addresses are no longer valid.  That made the event a little less embarrassing.  I emailed everyone suggesting that they delete the "better shopping better life" email as I did not really send it.

Now, just a few weeks after reporting the incident to YAHOO security, they have sent a return email.  That's what I love about email, it only takes three weeks to contact somebody.  YAHOO will only consider assisting me if, among other information, I provide them with my secret security question.  The account is more than a dozen years old.  In the last decade, like most folks, I have provided many security questions and answers to many accounts.  This is part of their response and the information they required before providing any assistance:

Please know that we do have access to original account information and
that we will be unable to provide login or other assistance without
completely verifying your account.
* Yahoo! ID (If you cannot supply this ID, please give your alternate
email address given during your original registration)
* Your name
* Date of birth (mm-dd-yyyy)
* Your alternate email address
* Secret Question and Answer
* Your city and state
* ZIP Code or Postal code you entered during registration
* Your country

Apparently YAHOO security will not help me unless I know the particular question that was established for this account years ago.  My question to them is why not ask me the question and I'll supply the answer.  That would make too much sense. 

What help did I request that requires me to establish that I'm not a criminal trying to compromise their security?  I told them I had changed my password and asked if there were any other steps that I could take to avoid further problems.  Really sensitive information, right?

Posted by

 Mike Carlier  Lakeville, MN

 

612-916-3033

 

Show All Comments
Jennifer Prestwich
Henderson, Thornton, Broomfield and Westminster - Henderson, CO
Madison & Co Properties

Maybe they could do it Jeopardy-style and supply the answer and you could give the question?  Oo- I know- what if you told them you wanted to send a follow up shopping site email to all of your friends?   Thank goodness we have email now- it's so much faster than sending it snail-mail.  By Yahoo standards, that could've taken 6-8 weeks.  

Yikes, Mike.  Hang in there!  I have a friend who "sends" me email every 3 months or so about Viagra, mail order brides, weight loss, you name it.  

Sep 25, 2010 02:48 AM
Brenda Busch
Morris Real Estate - Bridgewater, MA

That's just awful!  I had someone hack into my account on craigslist recently and they were posting things for sale using my email address.  I removed the 2 posts that were made, tried to contact craigslist to now avail and changed my password on my account.  I still receive emails about every other day saying showing these items that I have supposedly posted!  What do you do at this point if no one responds to your Yahoo problem?

Sep 25, 2010 02:50 AM
Stephen Sainte-Martin
Realty Direct Boston - Boston, MA

E,J.

It is unfortunate about you breach.  I wish you the best in your recovery of data.  thanks for informing us.

Stephen

Sep 25, 2010 02:51 AM
Ann-Marie Clements
Candidate for an Ed.D. in Educational Leadership - Saint John, NB
Ed.D. candidate, Innovative Proactive Principa

Hi MIke,  All I can say is:  "It wasn't me!!!" I only just arrived in China...  But I'll be on the lookout for that scoundrel...  I don't have access to Facebook, Twitter and a few other social media sites, so I'm super glad that I can still blog on Activerain... YEAH!!!  ;>))

Sep 25, 2010 12:22 PM
Chris Ann Cleland
Long and Foster Real Estate - Gainesville, VA
Associate Broker, Bristow, VA

I never thought that I'd need to know the question and the answer to the security question for an online account.  How stupid is that? 

Sep 26, 2010 04:49 AM
Mike Carlier
Lakeville, MN
More opinions than you want to hear about.

Thanks for all your comments and support.  While Yahoo has spent the last three and a half weeks trying to convince me that they don't know if I'm me, there's some scam Chinese mail order house that is undoubtedly stealing other Yahoo address book contents.  It's getting clearer by the minute why Yahoo is number two and trying hard to become number three.  I have no doubt that they will succeed.

Sep 26, 2010 05:09 AM
J. Philip Faranda
Howard Hanna Rand Realty - Yorktown Heights, NY
Associate Broker / Office Manager

Mike that sounds almost as frustrating as dealing with a bank in a short sale. Ridiculous. 

Sep 26, 2010 02:14 PM
Elizabeth Baklaich
Virtual Assistant to Steve Baklaich RE/MAX Realty Source MN - Saint Cloud, MN

It sure is an interesting time we are living in these days. Hope it gets worked out and that your clients are not damaged. Have you tried to create a new account and looked at the drop down box full of question choices to see if you remember one of them? They should just ask and let you answer, thanks for giving us the heads up!

Sep 27, 2010 05:00 AM
Mike Carlier
Lakeville, MN
More opinions than you want to hear about.

Phil, yes Yahoo could be a training facility for short sale negotiators. 

Elizabeth, the fortunate part is that I have not used my Yahoo address book for a number of years.  It's really so my inbound personal emails don't go to the trash folder.  Most of the entries that are not personal friends are people I haven't had contact with for years.  Oh, one good thing, an old almost forgotten friend did contact me after receiving my "I didn't send it" email.  He is considering moving back to the area from out of state and may need some help finding a new place to live.

Sep 27, 2010 05:55 AM
Back to Top

What's the reason you're reporting this blog entry?

Are you sure you want to report this blog entry as spam?