Topic: Hackers trying to steal crypto by loggin in to exchanges and hacking my email (Read 281 times)
October 11, 2017, 12:29:10 AM
I will be following this thread because I know someone who had the same issue. I also recommend to use gmail for anything that involves bitcoin because it is more secured than yahoo.
October 10, 2017, 11:56:14 PM
Hey SimonJones, did you figure this out? I'm having the exact same problem with my Yahoo account. It has me seriously spooked.
September 14, 2017, 01:26:37 AM
They got my email from BTC-e. The exchanged was compromised some years ago and they got hold of user emails.
It's interesting that I posted this in the yahoo help forums and my post got deleted. I suspect it's a Yahoo Mail bug because the hacker was able to add an alternate email to my account without requiring my password. It may be a bug with how the account security recovery code is sent when you are signed in to mobile devices that have not been updated for long.
Oh gosh, this case is very alarming. I guess Yahoo! Should look into this very well, or they compromise the security of accounts they are handling. It's a bit alarming in a sense that hackers can do this without an actual password.It's interesting that I posted this in the yahoo help forums and my post got deleted. I suspect it's a Yahoo Mail bug because the hacker was able to add an alternate email to my account without requiring my password. It may be a bug with how the account security recovery code is sent when you are signed in to mobile devices that have not been updated for long.
Do you think hackers can penetrate bitcoin accounts too and transfer hard earned bitcoins to another account? Curious on this though. Thanks for your reply.
September 13, 2017, 11:32:21 PM
So i always enable 2-factor authentication on my account.
September 13, 2017, 01:42:53 AM
They got my email from BTC-e. The exchanged was compromised some years ago and they got hold of user emails.
It's interesting that I posted this in the yahoo help forums and my post got deleted. I suspect it's a Yahoo Mail bug because the hacker was able to add an alternate email to my account without requiring my password. It may be a bug with how the account security recovery code is sent when you are signed in to mobile devices that have not been updated for long.
It's interesting that I posted this in the yahoo help forums and my post got deleted. I suspect it's a Yahoo Mail bug because the hacker was able to add an alternate email to my account without requiring my password. It may be a bug with how the account security recovery code is sent when you are signed in to mobile devices that have not been updated for long.
September 12, 2017, 09:07:27 AM
Always make sure that you provide your email only to trusted parties and always subscribe at trusted providers. Hackers can get access to your account in many ways, and the most likely one is through your email, so make sure your email provider is safe, as it is the first entry point for potential hackers
September 12, 2017, 02:45:21 AM
Repeat : How is he able to add an alternate email account and send recovery code to log in from that email? It's not possible to add an alternate account without my password. And if he had my password, why add an alternate email
September 12, 2017, 02:00:56 AM
Please try to change your email. Your email may have auto forward function like gmail.
No I don't have auto forward.
Why would the hacker send an account key code to another email and add an alternate email to my email address? And how can he send the account key code to another email?
September 12, 2017, 01:44:01 AM
Please try to change your email. Your email may have auto forward function like gmail.
Yes, change to gmail and enable 2FA
September 12, 2017, 01:40:10 AM
Please try to change your email. Your email may have auto forward function like gmail.
September 12, 2017, 01:34:52 AM
Someone has logged into my account by sending the account key code to another email 2 times yesterday. The first time i received this email:
___________________
On SeptembeTESTEST pm, the following alternate email address was added to your Yahoo account: **Username Protected**@gmail.com You can now use this alternate email address to safely recover your Yahoo account and verify your identity.
___________________
We sent an Account Key (code) to **Username Protected**@gmail.com which was used to sign in to your Yahoo account (********@yahoo.com). Date and Time: SeptembeTESTEST1 AM PDT Estimated Location: Colorado, United States (IP AddresTESTEST) Device: chrome, windows nt
___________________
And he signed in to my account.
I then changed my password and signed him out. I also removed permission for all apps from my account security page and only have my personal phone signed in to my account.
But a few hours later i got these 2 emails again.
___________________
On SeptembeTESTEST am, the following alternate email address was added to your Yahoo account: **Username Protected**@gmail.com
___________________
We sent an Account Key (code) to **Username Protected**@gmail.com which was used to sign in to your Yahoo account (********@yahoo.com). Date and Time: SeptembeTESTEST4 PM PDT Estimated Location: Canada (IP AddresTESTEST) Device: chrome, windows nt
___________________
I removed him again but i have nothing else to do as all app permissions were already removed earlier.
I have 2 step login activated with my mobile number but it seems that does not stop the login.
The password is unique and is only used in yahoo.
My other emails are safe so i know it's not my PC that has been compromised.
He tried to reset my password for other sites and was able to reset some passwords. Binance and BTC-e. But Binance i had google authenticator and BTC-e he was able to login but withdrawals from the site are paused at the moment.
EDIT : How is he able to add an alternate email account and send recovery code to log in from that email? It's not possible to add an alternate account without my password. And if he had my password, why add an alternate email.
The only thing i can think of is that some app is giving access to add an alternate email account.
Please advise.
Thanks.
___________________
On SeptembeTESTEST pm, the following alternate email address was added to your Yahoo account: **Username Protected**@gmail.com You can now use this alternate email address to safely recover your Yahoo account and verify your identity.
___________________
We sent an Account Key (code) to **Username Protected**@gmail.com which was used to sign in to your Yahoo account (********@yahoo.com). Date and Time: SeptembeTESTEST1 AM PDT Estimated Location: Colorado, United States (IP AddresTESTEST) Device: chrome, windows nt
___________________
And he signed in to my account.
I then changed my password and signed him out. I also removed permission for all apps from my account security page and only have my personal phone signed in to my account.
But a few hours later i got these 2 emails again.
___________________
On SeptembeTESTEST am, the following alternate email address was added to your Yahoo account: **Username Protected**@gmail.com
___________________
We sent an Account Key (code) to **Username Protected**@gmail.com which was used to sign in to your Yahoo account (********@yahoo.com). Date and Time: SeptembeTESTEST4 PM PDT Estimated Location: Canada (IP AddresTESTEST) Device: chrome, windows nt
___________________
I removed him again but i have nothing else to do as all app permissions were already removed earlier.
I have 2 step login activated with my mobile number but it seems that does not stop the login.
The password is unique and is only used in yahoo.
My other emails are safe so i know it's not my PC that has been compromised.
He tried to reset my password for other sites and was able to reset some passwords. Binance and BTC-e. But Binance i had google authenticator and BTC-e he was able to login but withdrawals from the site are paused at the moment.
EDIT : How is he able to add an alternate email account and send recovery code to log in from that email? It's not possible to add an alternate account without my password. And if he had my password, why add an alternate email.
The only thing i can think of is that some app is giving access to add an alternate email account.
Please advise.
Thanks.
Jump to: