September 29, 2010

Has Yahoo Mail been hacked? Or do we just need better password security?

Linda just sent out a single copy of the following spammy email (the URL was live in the original):

Dear friend, How are you recently? I bought a laptop from a China company T0SHPD last week(the site is, and I received it now. The products are high quality with a very low price. They also sell mobile phones, TV, games, and so on. They are from Korea, Japan. You can go to their site to have a look, I am sure you will get many surprise and benefits. Best regards. h–)

It is in her Yahoo Mail Sent folder. It is not in the Sent folder for her desktop client (Outlook Express). Her computer passes a malware scan.

The site named first in the text looks to sell the kind of merchandise described. It has Whois record:

Domain Name: T0SHPD.COM
Whois Server:
Referral URL:
Name Server: NS1.DNSPOOD.NET
Name Server: NS2.DNSPOOD.NET
Status: ok
Updated Date: 14-aug-2010
Creation Date: 14-aug-2010
Expiration Date: 14-aug-2011

Its Google footprint seems to be a few dozen copies of that spam message, plus the default hits one gets for any domain with a live site.

The site actually linked via the URL has Whois record:

Domain Name: TOSHPD1.COM
Whois Server:
Referral URL:
Name Server: NS1.DNSPOOD.NET
Name Server: NS2.DNSPOOD.NET
Status: ok
Updated Date: 23-sep-2010
Creation Date: 23-sep-2010
Expiration Date: 23-sep-2011

Its Google footprint is very small.

The recipients are:

There’s no news of a Yahoo Mail attack going around that I could detect.

The password on Linda’s Yahoo Mail account (since changed) was not ridiculous, not brilliant, and not specific to that site alone. So the simplest theory is that her account was hit randomly, with her password being either:

Do any other plausible theories come to mind?

Be careful out there, people.


11 Responses to “Has Yahoo Mail been hacked? Or do we just need better password security?”

  1. Ajay Ohri on September 30th, 2010 3:52 am

    You probably need to contact Yahoo Mail if you think the account is hacked. I love the fact that Gmail enables me to find out my last 4-5 login IP Addresses automatically (below page in small print).
    Also time to change the password AND the hint question and answer (which are often weaker points).Gmail also has an option for moving your inbox in a manner so that you retain all present and future messages.

  2. Curt Monash on September 30th, 2010 1:03 pm


    What is this moving option? I can think of a couple of other benefits around spam. 😉



  3. David on September 30th, 2010 1:27 pm

    I’ve noticed this too; quite a few friends, relatives, and myself have heard that we sent out spam. For myself, I only saw one sent spam in my sent mail; saw another through a bounced email . It only happened once to me. Of course, I changed password, but seems to me that yahoo needs to do some investigation into their security.

  4. Lothar on September 30th, 2010 9:06 pm

    Phishing, perhaps?

  5. Curt Monash on October 1st, 2010 6:07 am

    Unlikely that Linda got phished in the normal way.

    I’m guessing a hack of some other site where she used the same password.

  6. R.A. Clark on October 3rd, 2010 3:05 am

    Just wanted to let you know that this happened to me too last night (10/2/10), luckily someone called me and told me about the email.

    Don’t know how they did it but I’m fairly familiar with all the protocols to avoid getting hacked or phished, etc. Have never had anything happen like this before … I’m of the mind that it has something to do with Facebook or something else that uses yahoo log in info.

    Thanks for the great blog! Only place I found info on this shady email.

  7. Curt Monash on October 3rd, 2010 2:48 pm

    R. A.,

    Most welcome!

    Linda IS an occasional Facebook user, but not in any edge-pushing way that I know of. I haven’t asked whether she used the same password there as on Yahoo.

  8. Michael on October 7th, 2010 6:56 pm

    Add some salt to your passwords. For example, append the name of the current website to your “regular” password for each different website (‘password’ becomes ‘passwordYahoo’). That way, if your password leaks out from one website, it won’t be used to hijack any other website, and you can still remember all the different passwords.

  9. I understand the Monash Research RSS feed isn’t working | DBMS 2 : DataBase Management System Services on October 17th, 2010 10:22 pm

    […] at least two different RSS readers) that the last post to come through our integrated RSS feed was a Monash Report post from September 29.  Is this everybody’s experience? And how are our blog-specific feeds […]

  10. james on November 12th, 2010 11:35 am

    Welcome to spam land. Linda has been lucky not to have experienced this thus far. In fact Hotmail is king of this particular spamming activity and I have received dozens – perhaps even hundreds of emails exactly like this one from several acquaintances’ Hotmail accounts. I must admit I do not understand the mechanism used for sending these, so can’t recommend a simple password change for example.

  11. rosemary lands on September 27th, 2017 8:41 pm

    When I try to go into yahoo mail I get a message directing me to either end my account or create a new one. Has my account been hacked?

Leave a Reply

Feed including blog about enterprise technology strategy and public policy Subscribe to the Monash Research feed via RSS or email:


Search our blogs and white papers

Monash Research blogs

User consulting

Building a short list? Refining your strategic plan? We can help.

Vendor advisory

We tell vendors what's happening -- and, more important, what they should do about it.

Monash Research highlights

Learn about white papers, webcasts, and blog highlights, by RSS or email.