Y! is haemorrhaging PII to me and I cannot figure out how to make it stop. I have an ancient three-letter account (you can easily guess what the three letters are) and hundreds of people have somehow been led to believe that they own and control it, to the point of associating it with their own accounts, using it as a CC in their communication with their attorneys, banks, spouses and other ... persons. Today during our traditional early-morning July 4 breakfast cookout I got an SMS message, purportedly from Y!, that "We detected unusual activity on the network. Log in to yahoo.com from the web to unlock your account." This was an out-of-the-blue first event, but there was no mechanism in the message to do anything dangerous. When back at home, logging in to Y! involved additional authentication steps and a mandatory password change. Fair enough. No sign of account access from anywhere unusual. The password change event was sent to the correct linked external accounts. But then, a new and interesting barrage of mail started coming in, indicating that, as suspected, the account associations were indeed being effected without any involvement of myself. For instance:
Hi Vince,
We detected a login attempt with valid password to your Yahoo! account ([munged by me, but not by Y!]) from an unrecognized device on Thu, Jul 4, 2013 3:56 PM VET.
Location: Venezuela (IP=186.88.201.179)
Note: The location is based on information from your Internet service or wireless carrier provider.
Was this you? If so, you can disregard the rest of this email.
(This is interesting and, perhaps, encouraging -- that's one of the cantv.net addresses I've recently seen in compromised Y! account spam headers.) I have never yet succeeded in contacting a live body at Y!. Does anyone know whether the lights are even on, let alone anybody being home? mdr -- "There are no laws here, only agreements." -- Masahiko
On Thu, 04 Jul 2013 19:12:52 -0700, Michael Rathbun <mdr@tesp.com> wrote:
I have never yet succeeded in contacting a live body at Y!. Does anyone know whether the lights are even on, let alone anybody being home?
Info received. Thanks all. mdr -- The hits just keep on coming for poor "Nadine". See the sad tale of email lists gone horribly wrong at <http://www.honet.com/Nadine/> F - IW AA #2157 GEVNP
participants (1)
-
Michael Rathbun