Both my blog and old mail account have been hacked!

April 2, 2011 3pm in Yes, I'm a geek. | Comments (2)

First off, sorry to those of you who have known me since 2005 and still use the same email address as back then. You might have received spam from me from my old Yahoo email account. Most of it seemed to have consisted of just a link to some site.

I know because I got lots of “undeliverable emails” for emails that I’d never sent, and they were all to people in my Yahoo contacts, so someone somewhere got my Yahoo contact list. Luckily, it’s a very old email account of mine and I stopped using the contact list around 2005.

I’m not sure how it happened, whether it was someone “brute force” guessing my password (trying all possible passwords using a computer program), but I think it was more likely to be Open ID. I signed up to to ask about some programming questions, and to do that, rather than use a new user account, I used Open ID to save time, and used my Yahoo ID as my Open ID. I had to give my Yahoo password to this site.

Now, this site may have passed my password on to another site, or they may have logged onto my Yahoo mail after I gave them my password. I have no proof of this, but I’ve had this email address for over 10 years without a problem and it seems a bit of a coincidence that less than a week after I sign up to Open ID, my account is compromised.

So, when I log onto my blog to blog about this, I see that my most recent post has been marked as private, and someone’s put ads all over it! Uh-oh, I thought, this is not good. So I looked further, and it showed a revision by someone called pandona. So I looked at my WordPress users, and this user had administration rights, meaning that they could do anything they wanted! Ouch!!!

And, to make things worse, they’d set it so that anyone that signs up to my blog automatically gets administrator rights! Fortunately, he or she also had the decency to disable user signups – if they didn’t, anyone could have done anything. This user also changed my time zone to the Middle East, and changed a couple of other settings.

I have no idea how they did this, but since my WordPress version is two years old they probably used some obscure vulnerability which is freely available on the web. So, I’ve upgraded my WordPress to the most recent version, and changed the password on both my Yahoo email and my blog. Hopefully that will be the end of my problems!
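The changes described above (an unknown administrator account, a new-user default role of administrator, an altered time zone) all live in WordPress's `wp_options` and user metadata tables, so they can be checked after a cleanup. The following is an added example, not code from the original post: it audits exported rows, and the sample data, the `owner` and `reader` logins and both time zone values are constructed for illustration.

```python
import re

# WordPress stores each user's roles PHP-serialized in the wp_capabilities
# usermeta value, e.g. a:1:{s:13:"administrator";b:1;}
ROLE_RE = re.compile(r's:\d+:"([^"]+)";b:1;')
PRIVILEGED = {"administrator", "editor"}  # assumption: roles unsafe as a signup default


def roles_of(serialized_caps):
    """Return the roles switched on in a serialized wp_capabilities value."""
    return set(ROLE_RE.findall(serialized_caps))


def audit(options, users, known_admins, expected_tz):
    """Check exported wp_options / user rows for the changes the post describes."""
    findings = []
    for user in users:
        if "administrator" in roles_of(user["caps"]) and user["login"] not in known_admins:
            findings.append(f"unexpected administrator: {user['login']}")
    role = options.get("default_role", "subscriber")
    if role in PRIVILEGED:
        # With registration closed the setting is dormant, but reopening
        # signups would hand this role to every new account.
        state = "open" if options.get("users_can_register") == "1" else "closed"
        findings.append(f"default_role={role} (registration {state})")
    if options.get("timezone_string") != expected_tz:
        findings.append(f"timezone changed to {options.get('timezone_string')}")
    return findings


# Constructed sample rows; only the login "pandona" comes from the post.
SAMPLE_OPTIONS = {
    "default_role": "administrator",
    "users_can_register": "0",
    "timezone_string": "Asia/Dubai",
}
SAMPLE_USERS = [
    {"login": "owner", "caps": 'a:1:{s:13:"administrator";b:1;}'},
    {"login": "pandona", "caps": 'a:1:{s:13:"administrator";b:1;}'},
    {"login": "reader", "caps": 'a:1:{s:10:"subscriber";b:1;}'},
]

if __name__ == "__main__":
    for line in audit(SAMPLE_OPTIONS, SAMPLE_USERS, {"owner"}, "Europe/London"):
        print(line)
```

Upgrading and changing passwords does not revert any of these settings, so each finding has to be fixed by hand: delete the unknown account, set the default role back to subscriber, and restore the time zone.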

2 Responses to “Both my blog and old mail account have been hacked!”

  1. Comment by Mum — April 3, 2011 11am  

    I was quite sure that you hadn’t truly sent us an email about Viagra!
    Isn’t that amazing though that you had both those things happen pretty much at the same time. They weren’t related, I am guessing.
    Why would anyone do that anyway?

  2. Comment by David — April 4, 2011 2am  

    That sucks. Glad you’ve got it sorted now. :-)

