Re: [OT] Has my e-mail account been hacked?

To: debian-user@lists.debian.org
Subject: Re: [OT] Has my e-mail account been hacked?
From: Brian <ad44@cityscape.co.uk>
Date: Wed, 14 Oct 2015 10:04:55 +0100
Message-id: <[🔎] 14102015095831.cf1ab7815556@desktop.copernicus.demon.co.uk>
In-reply-to: <[🔎] 923531702.50253824.1444789268113.JavaMail.zimbra@wowway.com>
References: <[🔎] 1667908699.49175606.1444661022955.JavaMail.zimbra@wowway.com> <[🔎] 20151012163627.GE8414@copernicus.demon.co.uk> <[🔎] 616803017.50164765.1444776204617.JavaMail.zimbra@wowway.com> <[🔎] 20151013225758.GC14749@copernicus.demon.co.uk> <[🔎] 923531702.50253824.1444789268113.JavaMail.zimbra@wowway.com>

On Tue 13 Oct 2015 at 22:21:08 -0400, Stephen Powell wrote:

> On Tue, 13 Oct 2015 18:57:58 -0400 (EDT), Brian <ad44@cityscape.co.uk> wrote:
> > 
> > The comment was a general one and directed at all our readers. However,
> > earlier you said "Someone discovered my password somehow". You have
> > just demolished that guess as having no basis as a likely cause.
> 
> Likely, no, but still possible.  For example, when I update my web
> pages, I use my ISP's FTP server.  Suppose someone else on my ISP's subnet
> has a network sniffer in promiscuous mode.  The FTP server uses ordinary
> unencrypted FTP.  The userid and password are sent in clear text.  I wish
> they had an FTPS server, but the last time I checked, they didn't.  I use
> e-mail solely through a web-based e-mail client.  When I login, I don't
> know if the password is sent in clear text over the network or not.
> 
> That being said, if my password was obtained in this manner, I don't have
> much of a defense against it.  If I change my password, they can get the
> new one the same way as they got the old one.
> 
> Another possibility is a malicious web site that I may have unknowingly
> visited that managed to find a password in memory, a cookie, etc.  So
> despite all the precautions that I have taken, it is still possible for
> a password to be "discovered".
> 
> Having said that, it looks like someone else's credentials may have been
> used, based on some other posts to this thread.  But I am not an expert
> in these matters.  That's why I asked for help.

Your mails all have

  X-Authed-Username: emxpbnV4bWFuQHdvd3dheS5jb20=

The one to aol.com has

  X-Authed-Username: dGhlY291Z2hpbmdjYW5hcnlAd293d2F5LmNvbQ==

so did not come from your account.

Someone has access (legitimately or not) to the second account and is
sending mails with a forged envelope From. Your only recourse is to
present the evidence to the ISP and let them deal with it.

Reply to:

Follow-Ups:
- [SOLVED] [OT] Has my e-mail account been hacked?
  - From: Stephen Powell <zlinuxman@wowway.com>

References:
- [OT] Has my e-mail account been hacked?
  - From: Stephen Powell <zlinuxman@wowway.com>
- Re: [OT] Has my e-mail account been hacked?
  - From: Brian <ad44@cityscape.co.uk>
- Re: [OT] Has my e-mail account been hacked?
  - From: Stephen Powell <zlinuxman@wowway.com>
- Re: [OT] Has my e-mail account been hacked?
  - From: Brian <ad44@cityscape.co.uk>
- Re: [OT] Has my e-mail account been hacked?
  - From: Stephen Powell <zlinuxman@wowway.com>

Prev by Date: Re: [OT] Has my e-mail account been hacked?
Next by Date: Re: Regarding wiki.d.o
Previous by thread: Re: [OT] Has my e-mail account been hacked?
Next by thread: [SOLVED] [OT] Has my e-mail account been hacked?
Index(es):
- Date
- Thread