Quote from: ejoyc on January 12, 2013, 04:08 pm

Hi all,

I have checked my yahoo activity log and 2 weeks ago someone hacked into my account. That day I received this mail from MAILER-DAEMON@yahoo.com titled Failure Notification.

It contains the IP (110.138.227.177) of the malicious user that logged into my account and the email address of one of the contacts I found on my yahoo chat without my having added them... since I use a (I think) clean Linux and never clicked on suspect links, how did they do it?

Code:

Sorry, we were unable to deliver your message to the following address.

:
Remote host said: 554 delivery error: dd This user doesn't have a yahoo.com account (playfulmo0nstar0@yahoo.com) [0] - mta1372.mail.gq1.yahoo.com [BODY]

--- Below this line is a copy of the message.

Received: from [212.82.105.245] by nm6.bullet.mail.ird.yahoo.com with NNFMP; 27 Dec 2012 01:19:14 -0000
Received: from [212.82.108.135] by tm17.bullet.mail.ird.yahoo.com with NNFMP; 27 Dec 2012 01:19:14 -0000
Received: from [127.0.0.1] by omp1040.mail.ird.yahoo.com with NNFMP; 27 Dec 2012 01:19:14 -0000
X-Yahoo-Newman-Property: ymail-3
X-Yahoo-Newman-Id: 188342.42706.bm@omp1040.mail.ird.yahoo.com
Received: (qmail 93270 invoked by uid 60001); 27 Dec 2012 01:19:14 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.it; s=s1024; t=1356571154; bh=peHmDdENfdohc50yjgnrbEt/hwL/Rvd69sF6PuwaLJA=; h=X-YMail-OSG:Received:X-Rocket-MIMEInfo:X-Mailer:Message-ID:Date:From:Reply-To:To:MIME-Version:Content-Type; b=xylycVOK+azEiK0UOVp/vgpQhx4xXWsvpYcYaveDdRw+3PuoI1uo5Ah/T6SpluirRsx3kb5dcO6K6A6PXPBah4gokhdH/wUVN3e4Jj/hX0W9MW/btnhLF7nH2XsSL1yHXRrF0bzeYjB0ROpEIgrscS/tydErZrJQs0fxuhCDymE=
Received: from [110.138.227.177] by web132102.mail.ird.yahoo.com via HTTP; Thu, 27 Dec 2012 01:19:13 GMT
X-Rocket-MIMEInfo: 001.001,aHR0cDovL3NoYXp1ci5jb20vd3AtY29udGVudC9wbHVnaW5zLzZzY2FuLXByb3RlY3Rpb24vbGliLnBocAEwAQEBAQ--
X-Mailer: YahooMailWebService/0.8.129.483
Message-ID: <1356571153.71736.YahooMailNeo@web132102.mail.ird.yahoo.com>
Date: Thu, 27 Dec 2012 01:19:13 +0000 (GMT)
From: Ddd Dfdd
Reply-To: Ddd Dfdd
To: playfulmo0nstar0@yahoo.com
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="1972604429-521387806-1356571153=:71736"

--1972604429-521387806-1356571153=:71736
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: quoted-printable

http://shazur.com/wp-content/plugins/6scan-protection/lib.php
--1972604429-521387806-1356571153=:71736
Content-Type: text/html; charset=utf-8
Content-Transfer-Encoding: quoted-printable

http://shazur.com/wp-content/plugins/6scan-protection=/lib.php
--1972604429-521387806-1356571153=:71736--

In order to have your email hacked, your computer need not be hacked. All an attacker has to do is exploit some vulnerability server-side.

Now, that said, getting a bounce message does not necessarily mean that your email account was hacked. I've occasionally gotten bounce messages to my clearnet account, listing emails that I never sent. All it takes to have this happen is for someone to spoof an email as coming from your address, with your return address appearing in the email somewhere. That way, when the email bounces, it goes back to the only address it has: yours.

If you must, change your password(s) to longer, more secure ones. Keep an eye on the account, but don't panic.

Nightcrawler

PGP-Key: 4096R/BBF7433B 2012-09-22
Key fingerprint = D870 C6AC CC6E 46B0 E0C7 3955 B8F1 D88E BBF7 433B
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090
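
An added example, not part of either post: a triage of the message copy embedded in a bounce, to tell a message submitted through the provider's own webmail apart from forged-sender backscatter. The function name `triage`, the two-signal heuristic (a `via HTTP` Received hop on a provider host plus a DKIM `d=` tag naming the provider) and the second sample are assumptions made for illustration; the DKIM tag is only read here, not cryptographically verified.

```python
import re
from email import message_from_string

# Constructed sample: headers abridged from the bounce quoted above
# (DKIM bh=/b= values replaced by placeholders).
SAMPLE_COPY = """\
Received: from [212.82.105.245] by nm6.bullet.mail.ird.yahoo.com with NNFMP; 27 Dec 2012 01:19:14 -0000
Received: (qmail 93270 invoked by uid 60001); 27 Dec 2012 01:19:14 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=yahoo.it; s=s1024; t=1356571154; bh=PLACEHOLDER; b=PLACEHOLDER
Received: from [110.138.227.177] by web132102.mail.ird.yahoo.com via HTTP; Thu, 27 Dec 2012 01:19:13 GMT
X-Mailer: YahooMailWebService/0.8.129.483
To: playfulmo0nstar0@yahoo.com

body
"""

# Constructed sample: a forged sender relayed by an unrelated host (no provider hop, no DKIM).
SPOOFED_COPY = """\
Received: from unknown (HELO mail.example.net) (192.0.2.44) by mx.example.org with SMTP; 27 Dec 2012 01:19:14 -0000
From: victim@yahoo.it
To: nobody@example.org

body
"""

HTTP_HOP = re.compile(r"from \[([0-9a-fA-F.:]+)\] by (\S+) via HTTP", re.I)

def triage(copy_text, provider_domains=("yahoo.com", "yahoo.it")):
    """Return the webmail client IP and DKIM signing domain found in a bounce copy."""
    suffixes = tuple("." + d for d in provider_domains)
    msg = message_from_string(copy_text)
    result = {"webmail_client_ip": None, "dkim_domain": None}
    for hop in msg.get_all("Received", []):
        m = HTTP_HOP.search(hop)
        if m and m.group(2).lower().endswith(suffixes):
            result["webmail_client_ip"] = m.group(1)
    dkim = msg.get("DKIM-Signature", "")
    tags = dict(t.strip().split("=", 1) for t in dkim.split(";") if "=" in t)
    if tags.get("d", "").lower() in provider_domains:
        result["dkim_domain"] = tags["d"].lower()
    # Heuristic: both signals present means the provider's webmail accepted the
    # message from a logged-in session; neither is consistent with spoofed backscatter.
    result["sent_via_account"] = bool(result["webmail_client_ip"] and result["dkim_domain"])
    return result
```
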