PDA

View Full Version : Yahoo account hijacked. Their CS is useless!


rizalkhan
04-06-2006, 06:28 AM
I would like to share an incident that happened to me day before (the 4th of April 2006) which is causing me a lot of pain today. The story goes as follows

a) I was on Yahoo Messenger (YM) when I received a message from my supervisor. Let me know if you need the URL and I will be happy to provide it to you if you guys need to see it

b) The URL being a Geocities site, I was asked my Yahoo login and password. When I entered the page, all I saw was a couple of pictures I had saved to my yahoo briefcase before.

c) Yesterday (5th of April 2006) I am told by my friends that my YM had automatically sent a similar message to everyone in my account. It must have been automatically triggered as it did not come from me.

d) Yesterday, I was unable to log into my YM

e) And after trying several times which failed, I then tried to log in through login.yahoo.com. Again it failed indicating my id and password did not match my account is now suspended for 12 hours. I have written (yes, they take ages to reply) to Yahoo but they cant help me because i) I cant answer the question – Which has been changed (not by me) to “What am I Looking at now?” ii) Alternate email which is not correct.

Their CS has insisted I know the answer the above question. Can you imagine? How the hell am I to know the answer? Further to that, are they not aware than anyone stealing your login can change everything there is inside your account? Basically my Yahoo! Account has been hijacked. I believe this is a worm which was activated after I had clicked the geocities link.

I went through this forum. Alot of us are experiencing the same thing and yet Yahoo! has not been able to help. Seriously, there are more ways to verify a person that this stupid process. There must be considering i've had this account for more than 5 years now. Trully dissapointed!!!!!!!




:mad:

foxygoddess
04-17-2006, 08:08 PM
This happened to me as well, in January 2006. The same thing: my account was hacked and everyone on my list was messaged with a URL to the Geocities website attached to my Yahoo ID. People who went there, were met with what appeared to be a Yahoo login page, but it was actually a phishing page - when anyone logged in, they inadvertently sent their Yahoo ID and password straight to the hacker.

I used my alternate Yahoo ID to warn my friends. I sent a message to everyone on the list telling them what had happened and not to login to the Geocities page.

It's not a worm doing this. It's an actual person. I know this because I got replies to my warning message - from my own hacked ID, and the IDs of a few other friends whose accounts had been hacked as well.

I spoke with the hacker in IM very briefly. They informed me that I could have my ID back if I gave them a "boobie shot". I told him/her that they must be kidding, and the reply was, "Your choice. Ciao." S/he logged off and never IMed me again.

Something else that the hacker tried to do a couple of times, was add my alternate ID to the hacked ID (the way you add a "friend" to your Messenger list). I sent a message saying, "You don't have to be on my Messenger list to IM me." I can't think of any reason s/he would be so keen to add me to the hacked list. I wonder whether it would give him/her some sort of advantage in trying to hack my alternate ID. I really don't know.

I tried contacting Yahoo for support via the web, to no avail. In the end, I Googled and found a phone number, which turned out to be wrong, but was given a correct number for Yahoo customer service. (What an oxymoron THAT is.) So here I was at 4am, phoning Yahoo from Australia, just to get some help. They gave me an email address. I was instructed to enter my hacked ID in the subject line, and hit "send". I was sent an automated reply that contained about eight or ten questions. I answered these, but changed nothing else in the email (as per their instructions) and hit "reply".

Once I reached this stage, Yahoo restored my account to me rather quickly - but it was a nightmare getting to this stage.


The email address I was given was:

account-security-help@cc.yahoo-inc.com


The phone number that worked for me was:

+1 408 349 1572.


I also think something that helped me get my account back, was the fact that I had a verified alternate email address attached to my Yahoo account, and I emailed Yahoo for help from this address. That's pretty clear proof of ownership.

I don't understand why it is so difficult to get an account restored, or to even just SPEAK to someone at Yahoo. Every time you enter a Yahoo chatroom these days, there's a warning up the top that your IP address is being logged. Why don't they just compare the IP address that they say they've logged, with one from the email you send them when you ask for help? Grrrr...