Wikipedia:Reference desk/Archives/Computing/2019 October 28

Computing desk
< October 27	<< Sep | October | Nov >>	Current desk >

Welcome to the Wikipedia Computing Reference Desk Archives
The page you are currently viewing is a transcluded archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.

October 28

Has Yahoo been hacked?

I've lately received strange e-mails. They look like they're coming from people who I'm connected with in Facebook or LinkedIn, but the contents consist of a suspicious-looking link to a URL shortening service, which I think leads to some malicious site. There's no personal message, just the link. These e-mails look like they're coming from people with yahoo.es addresses. Has Yahoo been hacked? Or why do I keep getting these e-mails seemingly from people I know, with yahoo.es addresses? JIP | Talk 11:05, 28 October 2019 (UTC)

The sender address is one of most easily spoofed parts of an e-mail message. IMHO somebody rather hacked FB to retrieve correlation between email adresses (e.g. from lists of friends and watchers.) If you suspect the messages are malicious you did perfectly by not following the links. You can also ask apparent sender(s) whether they actually sent you those messages or not. But take care to use an independent channel, i.e. not the email address from the suspicious messages. --CiaPan (talk) 11:36, 28 October 2019 (UTC)

Facebook and LinkedIn do not, by default, protect your privacy. If I look at your public profile, it will list some of your friends, with their names. So, I can easily use that to cram a name you know in the sender field. As noted, "sender" is easy to fake because it isn't checked. Whatever you put in there is what is sent. This is like sending a letter in the mail. I put anything I like in the upper left corner. The post office won't reject it. 135.84.167.41 (talk) 13:06, 28 October 2019 (UTC)

I know the sender field can be faked. That's why people get all these "I'm the widow of the deceased Nigerian prince" e-mails. But I was curious about where the people sending these e-mails get the names of people I'm connected with from. JIP | Talk 13:22, 28 October 2019 (UTC)

Some websites (I am looking at you, Facebook) sell lists of who you are connected to. These sites (still looking at you, Facebook) often gather this info and about you sell it even if you have never personally accessed their website. --Guy Macon (talk) 15:32, 28 October 2019 (UTC)

It may be possible that your friends' Yahoo accounts were hacked. The address book is a very highly-coveted target for malware. Once a hacker accesses an address book, they can worm their way into hundreds or thousands of accounts by phishing, etc. So do not discount the idea that your friends were hacked in some way. Elizium23 (talk) 00:37, 30 October 2019 (UTC)

This brings us to a shady practice by otherwise legit social-networking sites. Many, such as Yahoo and LinkedIn, will offer to harvest your contact and friends lists from other services. They give you a login page and ask you to log in all over the place, so that you can "connect better with all your friends." This is playing with fire. If someone logs in one place and gives it access to everywhere else, the address book hacks and friends-list phishing schemes become epic. That's yet another way that Yahoo.es could've wormed its way into your friends' spaces. Elizium23 (talk) 00:45, 30 October 2019 (UTC)