My account just got hacked by a Romanian (possibly)
You are probably familiar with the images above. Some random friend sent you an email which you can instantly recognize as spam because it contains only one link. A couple of days ago I received this email, which was not the first time for me. But this time it was different. It actually came from my own Yahoo! account, which I haven’t used for more than a year.
My first instinct was to check whether the mail really got sent from my account or whether it was just spoofing my email address. I had kind of guessed already that it was using my main account, because the list of recipients looked like it came out of my address book. So I went to my account and checked the sent mail folder, and there it was: one email message containing spam that I had actually sent to my friends and family.
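A recipient of such a message can make the same spoofed-or-really-sent distinction from its headers. The following is an added example, not code from the original post: it reads the `Authentication-Results` header that the receiving mail server stamps on delivery. The function names, the sample messages and all `.example` domains are constructed for illustration, and it assumes you know your own receiving server's identifier.

```python
import re
from email import message_from_string
from email.utils import parseaddr

def classify_origin(raw_message, trusted_authserv):
    """Return 'sent-via-provider', 'likely-spoofed' or 'inconclusive'."""
    msg = message_from_string(raw_message)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    for value in msg.get_all("Authentication-Results", []):
        value = " ".join(value.split())            # unfold continuation lines
        authserv, _, rest = value.partition(";")
        ident = authserv.split()
        # Only trust results stamped by our own receiving server; a sender
        # can put any header it likes on a message before it reaches us.
        if not ident or ident[0].lower() != trusted_authserv:
            continue
        results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", rest))
        signer = re.search(r"header\.d=([\w.-]+)", rest)
        aligned = bool(signer) and signer.group(1).lower() == from_domain
        if results.get("dkim") == "pass" and aligned:
            # The From: domain's own servers signed it, so the account
            # itself was probably used: check Sent folder and login history.
            return "sent-via-provider"
        if results.get("dmarc") == "fail" or results.get("spf") in ("fail", "softfail"):
            return "likely-spoofed"                # only the From: address was borrowed
        return "inconclusive"
    return "inconclusive"

def sample(auth_results):
    """Build a constructed test message (all domains are placeholders)."""
    return (f"Authentication-Results: {auth_results}\n"
            "From: Me <me@mail.example>\nTo: friend@friend.example\n"
            "Subject: hi\n\nhttp://link.example/\n")

GENUINE = sample("mx.friend.example; spf=pass smtp.mailfrom=mail.example;\n"
                 " dkim=pass header.d=mail.example; dmarc=pass")
SPOOFED = sample("mx.friend.example; spf=fail smtp.mailfrom=bulk.example;\n"
                 " dkim=none; dmarc=fail")
UNTRUSTED = sample("unknown.example; dkim=pass header.d=mail.example")

if __name__ == "__main__":
    for name, raw in [("genuine", GENUINE), ("spoofed", SPOOFED), ("untrusted", UNTRUSTED)]:
        print(name, "->", classify_origin(raw, "mx.friend.example"))
```

A "sent-via-provider" result only says the provider's servers sent the message; the Sent folder and the login history remain the confirmation that the account itself was accessed.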
I did some digging into my authentication history and found out that somebody from Romania had accessed my account. How could this be? I haven’t used the account for a year or more. I’m an IT guy, so I know a little bit about security. I don’t click random suspicious links. I don’t install any annoying spyware browser toolbars. The password is 12 characters long, with alphanumeric characters and random symbols. Thank god that I don’t use the same password for all of my accounts.
I did some more digging into the given IP address and found out that it came from a location in Romania. But then again, this would not be his/her real IP. If I were to send spam, I would route my email through a bunch of proxies all over the world to cover my tracks. Or probably they don’t even bother, because they are just using it for spam.
The interesting part is that I stumbled upon this article saying that Romania has become a global hub for hackers and online crooks. According to the article, it has become commonplace for some hackers to harvest people’s personal information and use it for illegal activity.
Luckily I don’t store any sensitive information in my email. It would have had a serious impact if I had stored passwords or bank account information.
Something else I noticed is that most of this spam email came from my friends’ accounts, which also use Yahoo! Mail. Or probably I just never noticed.
What can you do when this happens to you
If you ever receive or send this email, I would suggest that you:
- Tell the person to reset their account password
- Don’t store or send sensitive information unencrypted over email, such as passwords, keys, or bank account info
- If you need to send sensitive information, try encrypting it first. I go into the details of doing that in Safely sharing credentials with PGP. I’m going to start doing this from now on.
- Use a secure password, and don’t use the same password for all of your accounts.
- If you can, try to change the password on a regular basis, or use a service like LastPass
- If this is your work email, which sometimes contains private information, use a service that offers two-factor authentication, like Gmail does. You need to enable it.
- Stay safe, friends. The internet is a dangerous place