Email Adress Book Hacked?

[PB AZ]

I have an iMac running OS 10.5.8

My email provider is Comcast

I download, and send all email from the mail app on my iMac. All my addresses are stored in the Address Book app on my iMac.

I never email from or store addresses directly on Comcast.net

Recently I have received several emails from people in my address book saying they have received emails from me containing a link in the body of the text.

Does anyone know how I should proceed to fix this problem?

 

[Tumbleweed666]

There are several possibilities.
The least likely by several zillion orders of magnitude, is that your address book was hacked (whatever that means)
The most likely is that the email of a friend was hacked either directly on something like yahoo or hotmail or via a virus on their PC. Your email address would have been one of the many email addresses copied from their PC and when spams were sent out,the spammers faked the sender email address to make it look as if it was you. That is trivially easy to do.
It is possible that your comcast email was hacked but if you don't use it via a web interface and so there are no addresses stored there as you say that seems unlikely.

 

[LTResident]

Comcast hacked

My wife's comcast email was just hacked - 80+ erroneous emails sent. Couldn't figure out how they got to her apple contacts...it turned out the hacker didn't breach her apple contacts list - they hacked the comcast email server, got into her account, and sent a solicitation email to everyone in her old contacts on the comcast server. We figured it out since one of the bounced emails was to an address that only resided on comcast's server contact list...not on her current apple contacts.
Good news - no hack into apple ecosystem. Bad news - her password (old one) was hacked at the comcast server. Copies of the erroneous emails were in her comcast server 'sent' folder...no where else.
And no, comcast never provided any warning about their system being hacked.

 

[campyguy]

My wife's comcast email was just hacked - 80+ erroneous emails sent. Couldn't figure out how they got to her apple contacts...it turned out the hacker didn't breach her apple contacts list - they hacked the comcast email server, got into her account, and sent a solicitation email to everyone in her old contacts on the comcast server. We figured it out since one of the bounced emails was to an address that only resided on comcast's server contact list...not on her current apple contacts.
Good news - no hack into apple ecosystem. Bad news - her password (old one) was hacked at the comcast server. Copies of the erroneous emails were in her comcast server 'sent' folder...no where else.
And no, comcast never provided any warning about their system being hacked.

Sadly, this is old news that you're correct about (http://www.zdnet.com/change-your-passwords-comcast-hushes-minimizes-serious-hack-7000026118/).

I have two Comcast accounts for my business and personal use. As soon as I saw the Zimbra email/contact/calendar interface I chose to not use Comcast's services. With all of the Yahoo email hacks exactly like the one described in this thread (Yahoo owned and used Zimbra for quite a while...) that were not fixed, I dropped Yahoo email and moved on. Still no word from Comcast - this breach seems to have the same result of the Yahoo email breaches...

Edit: Hours later, I just logged into my work email account. Fortunately, for me, I'm the owner and administrator of my domain. I've got dozens of spam email messages spawned from a former client - who uses Yahoo for her personal email. This is the 3rd time in about a year that my domain has been spammed by those that (not who've - it's a bot, not a person) have hacked her account. This time, since she's retired, I'm not giving her my new account information. Zimbra just needs to die - it's a buggy POS.

 

[CrickettGrrrl]

Sadly, this is old news that you're correct about (http://www.zdnet.com/change-your-passwords-comcast-hushes-minimizes-serious-hack-7000026118/).

... As soon as I saw the Zimbra email/contact/calendar interface I chose to not use Comcast's services. With all of the Yahoo email hacks exactly like the one described in this thread (Yahoo owned and used Zimbra for quite a while...) that were not fixed, I dropped Yahoo email and moved on.

Edit: Hours later, I just logged into my work email account. Fortunately, for me, I'm the owner and administrator of my domain. I've got dozens of spam email messages spawned from a former client - who uses Yahoo for her personal email. This is the 3rd time in about a year that my domain has been spammed by those that (not who've - it's a bot, not a person) have hacked her account. This time, since she's retired, I'm not giving her my new account information. Zimbra just needs to die - it's a buggy POS.

Yahoo! and all their derivatives (Flickr, etc., etc.) were hit hard by the Heartbleed server exploit, so this is not a surprise unfortunately.

I had trouble resetting my Flickr password today, after things were supposedly patched. Then, Flickr would only accept letters & numerals AND managed to mangle the account name. Yahoo is a pain & woefully behind. So if Comcast uses Zimbra, it's really important to change the passwords now. That is, if Zimbra's servers are patched.

 

[campyguy]

So if Comcast uses Zimbra, it's really important to change the passwords now. That is, if Zimbra's servers are patched.

No "if" about Comcast - they use a version of Zimbra. I have no idea of what version they're using - or that of Yahoo, which I gave up 3 years ago. Since VMWare bought Zimbra last year, who knows when all of the issues with that platform are going to be resolved.

I had my YMail address book hacked twice, and that second time was enough for me. Yahoo's security sucks IMO. Good luck!

 

[satcomer]

I had my YMail address book hacked twice, and that second time was enough for me. Yahoo's security sucks IMO. Good luck!

Well an article posted called Important Security Update for Yahoo Mail Users and Yahoo mail hacked: What to do if you’ve been affected. So if you are using Yahoo email at all change your password ASAP.

 

[campyguy]

Well an article posted called Important Security Update for Yahoo Mail Users and Yahoo mail hacked: What to do if you’ve been affected. So if you are using Yahoo email at all change your password ASAP.

Here's my Yahoo! Mail security bulletin - ditch Yahoo! Mail!!!

 

[CrickettGrrrl]

No "if" about Comcast - they use a version of Zimbra. I have no idea of what version they're using - or that of Yahoo, which I gave up 3 years ago. Since VMWare bought Zimbra last year, who knows when all of the issues with that platform are going to be resolved.

I had my YMail address book hacked twice, and that second time was enough for me. Yahoo's security sucks IMO. Good luck!

Here's my Yahoo! Mail security bulletin - ditch Yahoo! Mail!!!

Only using a Yahoo sign-in for Flickr, not for email or anything else. I would have continued logging in with a Gmail address but Yahoo's discontinuing that.

From all the stuff I'm reading about Heartbleed, some sites advise changing Gmail, Facebook, Dropbox, Intuit/TurboTax, etc., passwords as well.

 

[campyguy]

Only using a Yahoo sign-in for Flickr, not for email or anything else. I would have continued logging in with a Gmail address but Yahoo's discontinuing that.

From all the stuff I'm reading about Heartbleed, some sites advise changing Gmail, Facebook, Dropbox, Intuit/TurboTax, etc., passwords as well.

I'm so sick of this. I got a letter on Friday from a former 401k provider - VALIC - that an employee of there's had my data in his/her possession and "I may be a victim of identity theft" - I left the company more than a decade ago! I was also part of the Adobe fiasco late last year. I missed out on the Target crap by just a few days. My work email account was getting spammed since this Heartbleed thing came out, and I had to change all of my account login credentials - because a former client of mine saved my contact info to (what else?) her Yahoo! email account. I spent all day putting out fires, and getting calls from my mom's elderly friends of "what to do?".

I need a couple of drinks, and I'm considering a move to Kolonia, Pohnpei. A college friend of mine owns the Ace Hardware store and an ice cream shop. Let me know if you want vanilla or chocolate (I like both...). I'll sweep up later.

 

[CrickettGrrrl]

I'm so sick of this. I got a letter on Friday from a former 401k provider - VALIC - that an employee of there's had my data in his/her possession and "I may be a victim of identity theft"

Yes, had this scenario happen to me last year from my husband's Hospice Care, They didn't believe he was dying as quickly as the doctors said so I had very little help from them except via rushed phone calls. Then three years after he died, his & mine SS#s and other data stolen. Yay, and gee thanks for everything. Ditto Adobe, ditto Target -except I hadn't used a credit card there in over 5 years.

Any rate, sadly, we can all expect the fallout from Heartbleed to continue for possibly years. Although the big players can be credited with patching their servers rather quickly (days or hours) after the announcement, smaller sites, routers, certain cell phones, other devices ---may never see patches.

After countless exhortations for ordinary users to be more secure on the internet, it's really out of our hands at this point when servers can be breached like this. Or companies be idiotic with their customers' data.