Yahoo mail hacked?

2 minutes, 30 seconds

I’ve had three friends with yahoo accounts send me email that was clearly not them sending it. It was a spammer. One friend had every contact emailed, in alphabetical order, in groups of 10. The symptoms seem to be:

  • Emails are really sent from yahoo account, there’s a copy in the “sent mail” folder
  • Password is changed such that you need to call yahoo or otherwise reset your password
  • Groups of 10 people emailed

Another geek friend reported the same with a number of his friends who have yahoo email getting hacked as well. Him contacting me prompted this post to get awareness out there ( you know, to all 3 of you who read this). No real news on the interwebs, leave this post: Who Hijacked Yahoo Mail?

Here’s the nice view of the email (sensitive data yas been obscured with “***********”)::

From: Anders ***********
To: egwit, awarnow, avkirby, starsister77, apnun, ann, jara, apollostwinsis., haywoodashley, me
date: Tue, Feb 16, 2010 at 3:06 PM
subject: Bettina Mischkalla

Here’s the raw email I got from my friend’s hacked account (sensitive data yas been obscured with “***********”):

Delivered-To: mrjones@***********.com
Received: by with SMTP id s16cs151659ibu;
        Tue, 16 Feb 2010 15:06:51 -0800 (PST)
Received: by with SMTP id g10mr4771311rva.57.1266361611517;
        Tue, 16 Feb 2010 15:06:51 -0800 (PST)
Received: from ***********.com (***********.com [])
        by with ESMTP id 31si10777747pzk.62.2010.;
        Tue, 16 Feb 2010 15:06:51 -0800 (PST)
Received-SPF: pass ( best guess record for domain of 
mrjones@***********.com designates as permitted sender) 
Authentication-Results:; spf=pass ( best 
guess record for domain of mrjones@***********.com designates as permitted sender) smtp.mail=mrjones@***********.com; 
dkim=neutral (body hash did not verify)
Received: by ***********.com (Postfix, from userid 501)
	id 2AFAC968B7C; Tue, 16 Feb 2010 15:06:45 -0800 (PST)
X-Original-To: mrjones@***********.com
Delivered-To: mrjones@***********.com
Received: from ( 
	by ***********.com (Postfix) with SMTP id 7D7D4968B58
	for ; Tue, 16 Feb 2010 15:06:38 -0800 (PST)
Received: (qmail 11051 invoked by uid 60001); 16 Feb 2010 23:06:37 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; 
s=s1024; t=1266361597; bh=oJtmpSDF9JfgKjw+1+Q+Wqxiiq1f0Qc9sio+EdymNik=;
 MIME-Version:Content-Type; b=oFCN9QuJ13WOanJxxKZHrcbLHOZOMviKII3sm
DomainKey-Signature:a=rsa-sha1; q=dns; c=nofws;
X-YMail-OSG: ppvFaJUVM1kacZ05sJo0wMYepvD5By3Oxe96QISv6KgKBxmq0_Q1r1
Received: from [] by via 
HTTP; Tue, 16 Feb 2010 15:06:37 PST
X-Mailer: YahooMailWebService/
Date: Tue, 16 Feb 2010 15:06:37 -0800 (PST)
From: Anders ***********
Subject: Bettina Mischkalla
To: "egwit@***********.com" ,
  "awarnow@***********.com" ,
  "avkirby@***********.com" ,
  "starsister77@***********.com" ,
  "apnun@***********.com" ,
   "ann@***********.com" ,
  "jara@***********.com" ,
  "apollostwinsister@***********.com" ,
  "haywoodashley@***********.com" ,
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii

Leave a Reply

Your email address will not be published. Required fields are marked *