Did my email get hacked? What to do now?
March 10, 2013 6:17 PM Subscribe
I think my old email just got hacked. I received some spam, from my old email address itself, (and the "From" part had my name and email, even though I didn't send it, as the spammer did) and about a dozen "unable to deliver" messages from my old email's "mailer daemon" (this is on yahoo). In those messages and the email that was successfully delivered to me on the old email and my newer accounts, it lists countless numbers of other people and contacts, including high school teachers, bosses, family, friends, potential employers, and even friends of exes. Most of these people aren't even in my contacts list, but I still have emails from them/to them (this is an old but relatively recent email that I've kept for nostalgic reasons). I am mortified that all of these people, none of whom I've spoken to recently in at least the past couple of years (and in some cases, longer), got this spam from "me" out of the blue. Should I delete this email address, in case it may be compromised by a hacker? Should I email these people to apologize, even though we no longer are in touch? I have already changed the password and don't know what to do. Any help would be so appreciated.
It happened a couple of hours ago as I was checking my email on my phone, where I can see the new mail from all of my accounts, including personal, professional and the old account. I feel so mortified and embarrassed that all these people in my old account got spam from my old email, except the addresses that were unable to receive the emails (as noted by the failure messages). Some of the people it reached were bosses, employers and friends of an ex, as well as high school teachers and admissions reps at colleges. Not everyone that got spammed were on my Contacts list, so I'm thinking that the spammer or robot that did this found the email addresses through looking at past mail. I feel such an invasion of privacy.
I have no idea how this really happened, but I'm wondering, should I email any of these people to apologize? I am not in contact with any of them anymore, (some of whom I voluntarily estranged myself from, such as an ex-friend who had drug problems) so I feel really embarrassed this happened. I'm hoping the emails went straight to the spam folder, but just thinking about the possibility it didn't makes me feel worse.
What should I do now that this happened? Should I apologize to anyone, or just let it go, as none of them are in my life anymore? Should I delete the email and change all of my other passwords? Make sure there haven't been any illegal charges on my credit card, etc? What do you think happened here?
I am very confused, so any help would be much appreciated. Thanks so much in advance!
It happened a couple of hours ago as I was checking my email on my phone, where I can see the new mail from all of my accounts, including personal, professional and the old account. I feel so mortified and embarrassed that all these people in my old account got spam from my old email, except the addresses that were unable to receive the emails (as noted by the failure messages). Some of the people it reached were bosses, employers and friends of an ex, as well as high school teachers and admissions reps at colleges. Not everyone that got spammed were on my Contacts list, so I'm thinking that the spammer or robot that did this found the email addresses through looking at past mail. I feel such an invasion of privacy.
I have no idea how this really happened, but I'm wondering, should I email any of these people to apologize? I am not in contact with any of them anymore, (some of whom I voluntarily estranged myself from, such as an ex-friend who had drug problems) so I feel really embarrassed this happened. I'm hoping the emails went straight to the spam folder, but just thinking about the possibility it didn't makes me feel worse.
What should I do now that this happened? Should I apologize to anyone, or just let it go, as none of them are in my life anymore? Should I delete the email and change all of my other passwords? Make sure there haven't been any illegal charges on my credit card, etc? What do you think happened here?
I am very confused, so any help would be much appreciated. Thanks so much in advance!
Yeah, it happens, esp. lately ... I just got an email today from someone I never correspond with that was a spam, I knew it was, and just deleted it. However, he did send out an email to "everyone" apologizing. I don't think it was necessary, but hey, it didn't hurt anything for him to write it. It basically just said "sorry folks, my email account got hacked, I've corrected the problem". My daughters yahoo account also got hacked this way last week. She moved to gmail. Don't worry about it too much. Can't help beyond that.
posted by batikrose at 6:27 PM on March 10, 2013
posted by batikrose at 6:27 PM on March 10, 2013
I've had a half dozen of these land in my inbox from yahoo accounts in the last couple of weeks. I just delete them. Something is messed up at yahoo mail right now. I certainly don't harbor a grudge against the purported senders since they have nothing to do with it. Send an email if it makes you feel better but I'm sure no one is cursing your name right now.
posted by Cuke at 6:34 PM on March 10, 2013
posted by Cuke at 6:34 PM on March 10, 2013
You probably were not hacked - somebody just used your email address as the return address on spam. See Joe Job. If the recipients have decent email providers it is likely the email was recognized as spam and they never saw it anyway. But change just your password just in case. Really, it's not that big of a deal, it happens to everybody sooner or later. You don't have to be ashamed and hide in anonymity ;)
posted by COD at 6:37 PM on March 10, 2013 [2 favorites]
posted by COD at 6:37 PM on March 10, 2013 [2 favorites]
Yeah, probably not hacked. It's a lot easier to spoof an email header with a false but valid email address than it is to actually hijack someone's account. Most commercial email interfaces won't actually let you spam anyway.
Change your password anyway though.
posted by valkyryn at 6:43 PM on March 10, 2013
Change your password anyway though.
posted by valkyryn at 6:43 PM on March 10, 2013
In my family there are a few people who wouldn't necessarily recognize spam or don't realize that they should just completely ignore it. If you have some of those too, then I would send out a short "please ignore" email.
posted by metahawk at 6:43 PM on March 10, 2013
posted by metahawk at 6:43 PM on March 10, 2013
In those messages and the email that was successfully delivered to me on the old email and my newer accounts, it lists countless numbers of other people and contacts, including high school teachers, bosses, family, friends, potential employers, and even friends of exes. Most of these people aren't even in my contacts list, but I still have emails from them/to them (this is an old but relatively recent email that I've kept for nostalgic reasons).
That's not a simple joe job. That's a compromised Yahoo account.
I have no idea how this really happened
Piss-poor password, most likely. So after you've fixed that, you should log into that old mail account and comb through everything stored in there, looking for stuff that might be of use to an identity thief (passwords, credit card numbers and so forth). If you find any, contact the associated service providers and have those things changed.
You might want to get onto that fairly quickly, in case the person who compromised your account attempts to stop you by deleting everything.
posted by flabdablet at 6:55 PM on March 10, 2013 [3 favorites]
That's not a simple joe job. That's a compromised Yahoo account.
I have no idea how this really happened
Piss-poor password, most likely. So after you've fixed that, you should log into that old mail account and comb through everything stored in there, looking for stuff that might be of use to an identity thief (passwords, credit card numbers and so forth). If you find any, contact the associated service providers and have those things changed.
You might want to get onto that fairly quickly, in case the person who compromised your account attempts to stop you by deleting everything.
posted by flabdablet at 6:55 PM on March 10, 2013 [3 favorites]
This happens all the time. In the past year alone at least a dozen people in my life have gotten viruses on various platforms and had their accounts send out spam to all sorts of random contacts. I do not think twice about it. At most I think "oops, I guess Jim got a virus" and I delete it. I do not sit there thinking "wow what a loser, why would he email me after all these years and email me a bunch of spam to boot." So don't worry about it. At maximum, you could write them all a note saying "Sorry guys, my account was hacked." No big deal either way. Out of all those people I know who got viruses this year, only one of them even bothered to send out a short message like that.
posted by cairdeas at 7:15 PM on March 10, 2013
posted by cairdeas at 7:15 PM on March 10, 2013
Oh, the most embarrassing virus I remember a friend getting was one on Facebook, where it had your account post a porn video in a status update and say "wow, you will NEVER believe what she does in this video." My friend who got that virus is the director of a museum, and has hundreds of FB friends. You can imagine the kinds of people she had as her contacts. But I don't think a single one of them thought that she was really just posting porn at random. A bunch of people did post on her wall to tell her she had a virus though.
posted by cairdeas at 7:19 PM on March 10, 2013 [1 favorite]
posted by cairdeas at 7:19 PM on March 10, 2013 [1 favorite]
Your account was hacked. It happened to my significant other yahoo's about a few weeks ago and it happened to my yahoo's account (which I use perhaps once a year and which I had not used in at least two or three months) just last week. I suspect that it's a security problem at Yahoo - based on other people reporting similar thing.
posted by aroberge at 7:49 PM on March 10, 2013
posted by aroberge at 7:49 PM on March 10, 2013
You can go into your Yahoo! account settings and see the location of recent logins. My account was hacked and it was via Yahoo mobile from Brazil. I suspect the address was harvested from Linked In or some job board with shitty security.
posted by fiercekitten at 8:06 PM on March 10, 2013
posted by fiercekitten at 8:06 PM on March 10, 2013
I suspect that it's a security problem at Yahoo
I'm not seeing customer Yahoo accounts breached any more often than customer Gmail accounts.
In every single case that's come to my attention, the security breach has not been the mai provider's fault, but has involved a weak password; about three times out of four, that same weak password has been used across multiple services.
With password cracking and phishing bots as widespread as they are today, the simple rules are: (1) any password that a human can reasonably be expected to remember is too weak to keep you safe online and (2) using any password for multiple purposes is asking for trouble.
Just use a password safe. The initial inconvenience and the learning curve are more than worth it for the peace of mind you get from immunity against Internet bottom feeders.
posted by flabdablet at 9:19 PM on March 10, 2013 [1 favorite]
I'm not seeing customer Yahoo accounts breached any more often than customer Gmail accounts.
In every single case that's come to my attention, the security breach has not been the mai provider's fault, but has involved a weak password; about three times out of four, that same weak password has been used across multiple services.
With password cracking and phishing bots as widespread as they are today, the simple rules are: (1) any password that a human can reasonably be expected to remember is too weak to keep you safe online and (2) using any password for multiple purposes is asking for trouble.
Just use a password safe. The initial inconvenience and the learning curve are more than worth it for the peace of mind you get from immunity against Internet bottom feeders.
posted by flabdablet at 9:19 PM on March 10, 2013 [1 favorite]
I've gotten spam email that clearly came from the hacked email accounts of former professors, former bosses and acquaintances I haven't spoken to in years. No one cares. My mom got one from a relative and she's less savvy than I am, clicked it, got taken to some sketchy website with way under-priced electronics, asked me if we should get the camera she wants from it, etc. Some people might not understand, depending what it is and how they are, so if you can see the sent mail, maybe send out a "Got hacked, ignore" email.
Delete the sketchy messages, check your email forwarding and POP3 etc preferences, run some virus/malware/etc scans, and then change your password. The end.
posted by AppleTurnover at 9:22 PM on March 10, 2013
Delete the sketchy messages, check your email forwarding and POP3 etc preferences, run some virus/malware/etc scans, and then change your password. The end.
posted by AppleTurnover at 9:22 PM on March 10, 2013
I've noticed a lot of spam from Yahoo Mail accounts in the past half year, whereas very few from Gmail or other services. I suspect there might be some sort of Yahoo-specific malware behind this situation but I don't know what it is.
posted by Dansaman at 12:49 AM on March 11, 2013
posted by Dansaman at 12:49 AM on March 11, 2013
I don't know whether you were hacked, but you need to do these three things in case you were:
1. Change your secondary e-mail address in your profile/account
2. Change your password security questions and answers
3. Now change your password
posted by devnull at 2:37 AM on March 11, 2013
1. Change your secondary e-mail address in your profile/account
2. Change your password security questions and answers
3. Now change your password
posted by devnull at 2:37 AM on March 11, 2013
This happened to my Yahoo account a couple of weeks ago, thanks to a terrible password I'd been using since 1997. I changed the password and when people wrote to tell me I'd been hacked I said "Yeah, I know, sorry." It's really nothing to be ashamed of.
posted by languagehat at 9:17 AM on March 11, 2013
posted by languagehat at 9:17 AM on March 11, 2013
Mod note: This is a followup from the asker.
Thank you, Mefites, for all of your help! I was really embarrassed about what my old contacts would think, but your comments really helped me.posted by cortex (staff) at 2:38 PM on March 11, 2013
It appears my account was indeed hacked. I checked the recent logins option and saw that when my account was hacked, it was via Yahoo Mobile in Missouri. It was unexpected to see a break-in from here in the U.S., especially as I don't know anyone at all from Missouri, but I'm guessing it happened because my password was weak, old and used across multiple sites. Thankfully I have woken up to the importance of secure Internet passwords and updated all of them, using different ones for each that are at least 20 characters, so I hope that works. In fact, my gut was bugging me recently to update my passwords. I should have listened earlier!
Thanks everyone for your suggestions. I'm going to get one of those password safes flabdablet mentioned. Your help has been much appreciated! Take care and stay safe from hackers!
« Older What should I do about gossiping and emotionally... | How do I care less about what my girlfriend is... Newer »
This thread is closed to new comments.
posted by facetious at 6:19 PM on March 10, 2013