PDA

View Full Version : Security hole in Yahoo! Mail???


MacVault
Jun 15, 2003, 12:16 PM
I was trying to check my Yahoo! email account yesterday from my Sprint PCS phone and what do I get? Not my account, but somebody elses Yahoo! email account. An account I know nothing abbout. I didn't have to enter their username or password or anything. It just came up with some other account and all the mailboxes and messages were accessible from my cellphone. So, then later on I start getting other Yahoo! accounts popping up on my Sprint phone when I try to access my Yahoo account. It shows the account name, their email messages, and everything!!! Now it scares me enough that I'm getting access to other people's Yahoo accounts over my phone, but WHO OUT THERE IS ACCIDENTALLY GAINING FULL ACCESS TO MY ACCOUNT???? This is crazy. I haven't seen anything on the news about this, never seen this happen before. I emailed Yahoo! to let them know this was happening. Anybody else seen this happen?

GeeYouEye
Jun 15, 2003, 06:06 PM
If I had to guess, I'd say somebody 'borrowed' your phone to check their email. But that would only explain one account... but more than that... wow, that's a pretty gaping security hole...

MacVault
Jun 15, 2003, 08:01 PM
Yea, that did cross my mind when this first happened two days ago, but I knew nobody had used my phone cuz I have it in my pocket at all times when I'm not using it and I'm kinda a recluse so nobody would have been around to use my phone. But then I started getting many other accounts showing up on my phone - accounts I know nothing about. This has been happening for the last few days and I've never had this happen before. I've had probably seven or eight different accounts show up that I've never heard of. It's kinda pissing me off not only because of the security problem but because when I want to check my email account I can't - THERE'S SOME OTHER ACCOUNT SHOWING UP ON MY PHONE. It's seems like to access my Yahoo! Mail account I have to turn the phone off then turn it on and then try again to go to my account and then it seems to access my account for a while but if my phone sits for any length of time I'm almost guaranteed to see some other account show up on there. Don't know how this could be happening but it seems like a nasty hole and I haven't heard of anyone else having this problem. Yahoo! has to fix this quick!!!

jethroted
Jun 16, 2003, 09:50 AM
Originally posted by MacVault
Yea, that did cross my mind when this first happened two days ago, but I knew nobody had used my phone cuz I have it in my pocket at all times when I'm not using it and I'm kinda a recluse so nobody would have been around to use my phone. But then I started getting many other accounts showing up on my phone - accounts I know nothing about. This has been happening for the last few days and I've never had this happen before. I've had probably seven or eight different accounts show up that I've never heard of. It's kinda pissing me off not only because of the security problem but because when I want to check my email account I can't - THERE'S SOME OTHER ACCOUNT SHOWING UP ON MY PHONE. It's seems like to access my Yahoo! Mail account I have to turn the phone off then turn it on and then try again to go to my account and then it seems to access my account for a while but if my phone sits for any length of time I'm almost guaranteed to see some other account show up on there. Don't know how this could be happening but it seems like a nasty hole and I haven't heard of anyone else having this problem. Yahoo! has to fix this quick!!!


You should email them letting them know about this problem. Or you could file a law suit against them, and try to make some money. If you do, you have to give some to me!;) j.k. You really should contact them however. I have a yahoo account, and I don't want people getting access to it.

MrMacMan
Jun 16, 2003, 10:08 AM
that is a pretty wide gapping security hole if I ever saw one.

And I have ... There was a file on my school computer that had all admin accounts/pass's.

The secure part of that was this:
xAxDxMxIxNxxTxHxExPxOxWxExR

Yeah the 'x' really made me not see that:
admin/thepower
:eek:

jethroted
Jun 16, 2003, 01:49 PM
Originally posted by MrMacman
that is a pretty wide gapping security hole if I ever saw one.

And I have ... There was a file on my school computer that had all admin accounts/pass's.

The secure part of that was this:
xAxDxMxIxNxxTxHxExPxOxWxExR

Yeah the 'x' really made me not see that:
admin/thepower
:eek:

What was it that said "xAxDxMxIxNxxTxHxExPxOxWxExR" ? I don't get how that was protecting anything.

MacVault
Jun 19, 2003, 03:43 PM
Well, after about five days of no problems, I'm starting to get other accounts again today. I've had two or three other accounts show up on my phone today. I emailed Yahoo! a week ago, and no response from them. Tried to call them and fail to get a live voice. What's up Yahoo?????