Yahoo is the weakest link – but still strong enough!

Last night, someone (probably Isolate, the same loser who did it last time) tried to hack into my online identity.

Last night I received an unsolicited password reset e-mail from Twitter. I ignored it but kept a watchful eye. A few moments later I got a slew of messages from Yahoo.

7:32pm: Password reset requested. (Ignored.)

7:53pm: ruby62@mailinator.com [a service commonly used by spammers] was added to my account.

7:55pm: My password was reset.

7:56pm: My actual e-mail address was removed from the account.

Then they took my cell phone number off the account and changed my security questions. I braced for impact, hoping that that multi-factor authentication that I added to all my accounts after being hacked in May would withstand the assault.

And it did! I sent  messages to Yahoo via Twitter at 9:36pm and via their webform at 9:47pm, and at 11:35pm they acknowledged it but only via e-mail to my unused Yahoo address. It looks like someone also tried to get into an old Dreamhost account from a former client, but the account was already suspended.

Today I was able successfully reset my password and remove all the junk settings. I already had 2-step authentication turned on for this account so I’m not sure how it got hacked anyway, but I’m glad it didn’t go too far.

Although it was very likely the same teenager from Las Vegas doing the hacking, whoever it was made it seem like they were logging in from Europe:

Screen Shot 2013-07-16 at 8.14.25 PM

Fuuuuu

I am powerless to stop this, apparently.

The following email address (rubyji@gmail.com) was deleted from your Yahoo! account ‎(al********)‎.

To ensure that your account information remains accurate and secure we notify you whenever this information changes.

This change request was made on May 27, 2013 at 04:42pm EDT.