How do you know they broke into your account to send spam
as
opposed to simply spoofing your email address in the sender
field?
This happened to me a while back. Some of the spam was sent to
email addresses that no longer exist, so it was bounced back to my Yahoo account
and I could look at the headers. It was sent through Yahoo's servers, so saying
'broke into my account' is a reasonable description of the situation.
When
I changed my password, a message came up that some website (from India, I think)
that I'd never heard of had had permission to send email from my account. The
password change process removes such permissions. I had no idea that was even
possible.
I don't know whether the bad guys managed to get a hold of my
hashed Yahoo password and crack it, or managed to get that permission set by
some other exploit. [ Reply to This | Parent | # ]
|