Author

Topic: Hackers trying to steal crypto by loggin in to exchanges and hacking my email (Read 304 times)

full member
Activity: 630
Merit: 100
I will be following this thread because I know someone who had the same issue. I also recommend to use gmail for anything that involves bitcoin because it is more secured than yahoo.
newbie
Activity: 1
Merit: 0
Hey SimonJones, did you figure this out? I'm having the exact same problem with my Yahoo account. It has me seriously spooked.
full member
Activity: 462
Merit: 100
They got my email from BTC-e. The exchanged was compromised some years ago and they got hold of user emails.

It's interesting that I posted this in the yahoo help forums and my post got deleted. I suspect it's a Yahoo Mail bug because the hacker was able to add an alternate email to my account without requiring my password. It may be a bug with how the account security recovery code is sent when you are signed in to mobile devices that have not been updated for long.
Oh gosh, this case is very alarming. I guess Yahoo! Should look into this very well, or they compromise the security of accounts they are handling. It's a bit alarming in a sense that hackers can do this without an actual password.
Do you think hackers can penetrate bitcoin accounts too and transfer hard earned bitcoins to another account? Curious on this though. Thanks for your reply.
newbie
Activity: 1
Merit: 0
So i always enable 2-factor authentication on my account.
sr. member
Activity: 485
Merit: 250
They got my email from BTC-e. The exchanged was compromised some years ago and they got hold of user emails.

It's interesting that I posted this in the yahoo help forums and my post got deleted. I suspect it's a Yahoo Mail bug because the hacker was able to add an alternate email to my account without requiring my password. It may be a bug with how the account security recovery code is sent when you are signed in to mobile devices that have not been updated for long.
member
Activity: 117
Merit: 10
Always make sure that you provide your email only to trusted parties and always subscribe at trusted providers. Hackers can get access to your account in many ways, and the most likely one is through your email, so make sure your email provider is safe, as it is the first entry point for potential hackers
sr. member
Activity: 485
Merit: 250
Repeat : How is he able to add an alternate email account and send recovery code to log in from that email? It's not possible to add an alternate account without my password. And if he had my password, why add an alternate email
sr. member
Activity: 485
Merit: 250
Please try to change your email. Your email may have auto forward function like gmail.

No I don't have auto forward.

Why would the hacker send an account key code to another email and add an alternate email to my email address? And how can he send the account key code to another email?
newbie
Activity: 16
Merit: 0
Please try to change your email. Your email may have auto forward function like gmail.

Yes, change to gmail and enable 2FA
full member
Activity: 516
Merit: 100
Hei everybody
Please try to change your email. Your email may have auto forward function like gmail.
sr. member
Activity: 485
Merit: 250
Someone has logged into my account by sending the account key code to another email 2 times yesterday. The first time i received this email:
___________________
On SeptembeTESTEST pm, the following alternate email address was added to your Yahoo account: **Username Protected**@gmail.com You can now use this alternate email address to safely recover your Yahoo account and verify your identity.
___________________
We sent an Account Key (code) to **Username Protected**@gmail.com which was used to sign in to your Yahoo account (********@yahoo.com). Date and Time: SeptembeTESTEST1 AM PDT Estimated Location: Colorado, United States (IP AddresTESTEST) Device: chrome, windows nt
___________________
And he signed in to my account.
I then changed my password and signed him out. I also removed permission for all apps from my account security page and only have my personal phone signed in to my account.
But a few hours later i got these 2 emails again.
___________________
On SeptembeTESTEST am, the following alternate email address was added to your Yahoo account: **Username Protected**@gmail.com
___________________
We sent an Account Key (code) to **Username Protected**@gmail.com which was used to sign in to your Yahoo account (********@yahoo.com). Date and Time: SeptembeTESTEST4 PM PDT Estimated Location: Canada (IP AddresTESTEST) Device: chrome, windows nt
___________________
 
I removed him again but i have nothing else to do as all app permissions were already removed earlier.
 
I have 2 step login activated with my mobile number but it seems that does not stop the login.
The password is unique and is only used in yahoo.
My other emails are safe so i know it's not my PC that has been compromised.

He tried to reset my password for other sites and was able to reset some passwords. Binance and BTC-e. But Binance i had google authenticator and BTC-e he was able to login but withdrawals from the site are paused at the moment.
 
EDIT : How is he able to add an alternate email account and send recovery code to log in from that email? It's not possible to add an alternate account without my password. And if he had my password, why add an alternate email.

The only thing i can think of is that some app is giving access to add an alternate email account.
 
Please advise.
 
Thanks.
Jump to: