Saturday, July 14, 2012

Yahoo, Hackers, Passwords and My Online Security

Posted in: , , , , , , , ,

I got my first email in 2001 and it was a yahoo account. It was opened for me by a friend who had moved abroad and wanted to encourage me to use the internet to keep in touch, rather than the more expensive post or telephone. I chose a very simple password, something I felt I would never forget. By 2005/06, that friend was no longer in the picture but I was vastly more experienced in using the internet. Yahoo had started 360 and I set up an account - my first experience of social media.

Fast forward six years and I work from home and most of the work is online. I play online, as well as do my shopping, blog and use other social media. My yahoo account is still my primary email, and the address is the only one that has my real name. The password I chose more than 10 years ago is still my favorite and I frequently use it for a lot of other websites when I need to register for one reason or another.

That was my main mistake. I started yesterday with the following email from Book Depository, an online book retail site.

Dear ...,

At The Book Depository we take your security and privacy very seriously. As part of our routine security and privacy checks, we have become aware of a security breach at an unrelated third party which has resulted in a set of email addresses and passwords being posted online (see BBC news report http://www.bbc.co.uk/news/technology-18811300). We believe that your email address was on the disclosed list.

Some hours later there were a flurry of emails from other web service providers including Amazon, Hulu and Twitter. They believed my email was compromised, and had disabled or reset my password. They were also basically saying that I should come over and change to a better and stronger password.

Funny, I only heard from Yahoo this morning, when they should have been the first to contact me. Anyway, now I have more clarity on where it was that water entered the gourd, as they say in my language. I write for Yahoo as an Associated Network contributor, something I registered about three years ago.

The yahoo email goes on to apologize and advice all account holders on various ways to secure their accounts including those suggested by other service providers.

And for consumers like me who use the same login information on services across the Internet, they suggested the following;

• Change their passwords for any account they hold every few months,
• Use a different password for each service or website, and
• Create passwords using a mixture of characters, symbols, and numbers.

Since Atala, who works in IT and is also active on the internet, discovered my passwords issue, he had been on my case to change and diversify my email accounts and passwords for better online security. In some places, I listened to hime, in others, I was just too lazy. Now, after trotting all over the internet changing passwords and thinking up new ones, I know better.

I will more proactively be monitoring all the activities on my email accounts and using the service provided by some sites like Facebook, gmail and even yahoo, to check the location from which someone logged into my account.

And I require a favor from you guys too. If I've contacted you before, please be on the lookout for spam originating from my email and do let me know. Thanks.

Who else was affected by the hacking of yahoo and their associated services?



6 comments:

  1. Myne, I suffered the embarrassment of a third party soliciting funds from friends in my name. Back then, my password was a funky nickname I had in secondary school--YES, I was an English name.
    I check them by arranging my grandmothers precolonial native name, her maiden name, characters and numbers. Gbam. dem dey try but, dem never breach.
    to breach, they will need a seriously villa breed Igbo that understands the difference between pre-christian Igbo names and modern ones. Even then, aside from a breach from yahoo, e go still hard.
    Stay cool Ada'anyi.

    ReplyDelete
    Replies
    1. Thank you Mazi. I feel for those friends when I get those scams from their emails. I'm learning now about passwords and security.

      Delete
  2. Thanks for sharing, it always advisable to use a combination of words and letter plus other combinations that you can come up with. However except if yahoo database was hacked, then they could still recover your password.

    ReplyDelete
  3. Thanks for the tip off. I should go check my yahoo account which is my oldest account and linked to facebook..

    ReplyDelete
  4. So thats the problem because i havent been able to open my yahoo account now.

    ReplyDelete
  5. now wonder. iv been geting loads of spam from my yahoo contacts. it all makes sense now. I knew a major site was compromised from the frequency and diversity of those junks but i dint expect it to be yahoo itself

    ReplyDelete

Click Post a Comment to share your thoughts, I'll love to hear from you. Thanks!

*Comments on old posts are moderated and may take sometime to be shown. That's just because I want to see them and respond to you if necessary.