Can you hack my Yahoo! account? Please?
A chat log I had with a person I never talked to before. I’ve XXX-ed her identifying details, and cut some irrelevant stuff out.
I don’t usually engage in these types of conversations, and I turned her down mostly, but that’s my take on security:
| (19:13:52) | XXXXXXXXXX: | hey |
| (19:30:37) | Arik B: | Hello |
| (19:31:22) | XXXXXXXXXX: | wow ur on finally lol |
| (19:31:43) | Arik B: | Yes; Who are you? |
| (19:32:42) | XXXXXXXXXX: | um well i just was at the hackers group because this mean person took my yahoo email and i was hoping some1 could help me get it back, im XXXXX |
| (19:33:18) | Arik B: | Did you receive email into that yahoo account? |
| (19:33:23) | XXXXXXXXXX: | yea |
| (19:33:33) | Arik B: | Do you know the hacker? |
| (19:33:52) | XXXXXXXXXX: | no its some guy who i talked to and then he just got mean |
| (19:34:22) | Arik B: | Did you tell him your username and password? |
| (19:34:34) | XXXXXXXXXX: | no he just got in somehow |
| (19:36:33) | Arik B: | Okay. Go to yahoo.com, and if you are signed-in, click ’sign out’. Then click sign-in. You will be asked for your yahoo ID and your password. Instead, click below that on ‘Forgot my ID or password’. Fill in the information requested, and you will be able to set a new password. |
| (19:37:00) | XXXXXXXXXX: | i tried he must have changed the zip code or something i cant get in to it |
| (19:39:27) | Arik B: | Oh okay. Well, if he has changed that as well, your only recourse is to contact Yahoo! support, and tell them the story. They might ask for some ID or proof that you had the account. If that fails, I suggest you contact all your friends and tell them not to send mail to that address anymore, and give them a new address. If you want I can send you a GMAIL invitation so you can open a 2G GMAIL account. |
| (19:40:02) | XXXXXXXXXX: | ok thats fine with me and screw it yahoo is never any help |
| (19:41:38) | XXXXXXXXXX: | well do u know of any1 who can help me get back in my yahoo? |
| (19:41:39) | Arik B: | Okay. What was your password to the old account? Was it very simple? |
| (19:41:57) | XXXXXXXXXX: | it was XXXXXXX i just picked a cool word |
| (19:43:34) | Arik B: | Well, XXXXXXX is a bit too easy. If you want it to never happen again, choose a more difficult password. My passwords are usually abbreviations of songs, for example I can choose “Hit Me Baby One More Time” so my password is “hMb1mt”… you see the connection? This way no one can guess it but it’s very easy to remember. |
| (19:44:19) | Arik B: | It is very hard to get into Yahoo accounts without the password, I suggest that you contact support. None of the hackers I know will risk their good name to try and illegaly hack into a Yahoo account. |
| (19:44:19) | XXXXXXXXXX: | yea i shoulda picked a harder one i know it sux now but like i said do u know any1 who could help me? |
| (19:44:33) | XXXXXXXXXX: | oh ok |
| (19:45:10) | Arik B: | Hackers are not the ones that hack into accounts. These are called “Crackers”. |
| (19:45:23) | Arik B: | (because they crack accounts and computers) |
| (19:45:27) | XXXXXXXXXX: | i thought so i was just out of ideas |
| (19:45:43) | Arik B: | I would say, pick your battles. |
| (19:45:51) | XXXXXXXXXX: | well do u know of any1 that could teach me? |
| (19:46:01) | Arik B: | How to crack? |
| (19:46:18) | XXXXXXXXXX: | yea just really teach me anything that could get me back to my yahoo |
| (19:47:04) | Arik B: | Listen, XXXXXX, how important is that account really? If you had a dollar value (I don’t know where you’re from, but let’s say dollars), what would it be? |
| (19:47:39) | XXXXXXXXXX: | maybe its just a little thing but not to me i had it for 3 years |
| (19:48:20) | Arik B: | Let’s say you still had it, for the sake of this argument. How much would I pay you to give it up? $100? |
| (19:48:53) | XXXXXXXXXX: | i dont think i would give it up unless it was to some1 i can trust real good |
| (19:49:20) | Arik B: | No, I mean I want to buy it off you, you won’t use it ever again. Would you sell it to me for $100? |
| (19:49:50) | XXXXXXXXXX: | no way i liked that email i have alot of stuff there |
| (19:50:38) | Arik B: | How much? Everything has a price. |
| (19:50:57) | XXXXXXXXXX: | maybe $250 i dont know |
| (19:51:08) | XXXXXXXXXX: | but i really miss it |
| (19:51:44) | Arik B: | Okay. So it’s a $250 value. The amount of time and money you invest in this must not exceed $250, would you agree? |
| (19:52:16) | XXXXXXXXXX: | well i honestly have no idea i never thought about it but it sounds right |
| (19:53:43) | Arik B: | This is how you need to think about it. No emotions, cold hard math. If you are going to invest $300 of time and effort to get that $250 value, you shouldn’t. |
| (19:54:32) | XXXXXXXXXX: | no i just had my mail and all my pictures and several drafts of just about every poem ive ever written |
| (19:55:53) | Arik B: | Hm. |
| (19:56:35) | Arik B: | Do you have a backup for the pics and poems? because most likely the cracker erased what you have there. |
| (19:57:01) | XXXXXXXXXX: | i dont have a backup but its worth a shot to try |
| (19:57:26) | Arik B: | The photos - were they shared? |
| (19:57:51) | XXXXXXXXXX: | no they were just pictures of my old bf and some friends |
| (19:58:45) | Arik B: | I mean - were they shared in your Yahoo account with other people? Yahoo lets you share your photos. |
| (19:58:46) | XXXXXXXXXX: | do you know of anyone that can help me? |
| (19:58:57) | XXXXXXXXXX: | they werent shared |
| (19:59:00) | Arik B: | No I don’t. |
| (19:59:21) | XXXXXXXXXX: | oh well your helpful atleast |
| (20:02:34) | Arik B: | What I suggest is that you do the following: 1. Contact yahoo support and try and convince them. 2. Contact all your friends and tell them your email address has changed. I can still give you a 2GB GMAIL account. Or you can open another account. 3. Try to contact the cracker, and convince him to let you into your account. Remember, if he is asking for something - don’t agree to anything over $250. If he does agree to let you have your account back for money, agree on the sum. Then agree on the payment method. Then print the entire chat log with him, AND GO TO THE POLICE AND FILE AN EXTORTION CLAIM! |
| (20:03:08) | Arik B: | Where do you live? (country, state) |
| (20:03:11) | XXXXXXXXXX: | lol good idea |
| (20:03:22) | XXXXXXXXXX: | XXXXX in the united states |
| (20:03:23) | XXXXXXXXXX: | u? |
| (20:04:28) | Arik B: | Hadera, Israel. Although I’m relocating to SF bay area in a short while. In the US there is a big fad of cyber-terrorism. Try to ride that, and tell the police he may be using the extortion money to finance his terrorist activities. |
| (20:04:36) | Arik B: | Is he also an American? |
| (20:04:59) | XXXXXXXXXX: | yea he says he lives in california |
| (20:05:10) | Arik B: | That’s good. Do you have chat logs? |
| (20:05:31) | XXXXXXXXXX: | nope |
| (20:07:33) | Arik B: | Set up Yahoo! Mesenger to keep logs from now on. Try to engage him. THE MOMENT HE IS ASKING YOU FOR MONEY, HE IS EXTORTING YOU, which is a serious felony. Don’t offer money, because that’s entrapment, but plead with him and ask him what he wants and what can you do to make him give you access for that account. Then print those logs! |
| (20:07:46) | XXXXXXXXXX: | ok |
| (20:08:04) | XXXXXXXXXX: | the problem is he wont talk to me either |
| (20:08:13) | Arik B: | I would also suggest that you have a computer professional go over your computer and remove any suspicious software that he may have out there. |
| (20:08:41) | XXXXXXXXXX: | too expensive i got no money |
| (20:08:42) | Arik B: | Well, try emailing your old account :-S |
| (20:08:51) | XXXXXXXXXX: | ok i will |
| (20:09:18) | Arik B: | Dont’ forget Yahoo Support before you start cracker-hunting. |
| (20:09:45) | XXXXXXXXXX: | yea i tried once but so far no response |
| (20:10:01) | Arik B: | From Yahoo suppurt? |
| (20:10:29) | XXXXXXXXXX: | yep |
| (20:11:22) | Arik B: | Don’t email them, call them. |
| (20:11:45) | XXXXXXXXXX: | oh i never thought of that |
| (20:11:53) | Arik B: | Also, http://help.yahoo.com/help/us/security/security-02.html |
| (20:12:15) | XXXXXXXXXX: | ok cool ill check it now |
| (20:13:03) | XXXXXXXXXX: | my sis wants to go online i gotta go for a few thanks for your time and help |
| (20:13:23) | Arik B: | No problem, take care. |
Her name is XXXXXX? [Edited her name to remove identifying details. — Arik]
Comment by Dana — May 31st, 2005 @ 6:04 pmYes, the name you wrote is correct. I guess she contacted me (and you, probably?) through the member list of some group - maybe Hackers-IL.
Comment by arikb — May 31st, 2005 @ 6:22 pmgood article… fyi, you left her cleartext name in one of your messages to her.
Comment by directorblue — June 1st, 2005 @ 1:56 pmThanks, corrected.
Comment by arikb — June 1st, 2005 @ 4:10 pm[comment edited to protect the… uh… you be the judge. –Arik]
hello friend.my yahoo id is xxxxx_xxxx@yahoo.com when i change password then i forget that.i also forget my secret q.please hack my id send me my
Comment by shafiq — November 6th, 2005 @ 9:26 ampassword.i m very thank for ur this act.send this password on
xxxxxx_xxx@yahoo.com.
plz do this
Hi,
Comment by Mathew — November 21st, 2005 @ 11:21 amI read the article. My account in Yahoo is basically hacked by somebody else. Loosing mails is digestable; but he/she is sending all my personal mails to everyone in the addressbook. Could anyone help me? Any sort of guidance would be appreciated. Thanks in advance.
Mathew
Did you try Yahoo! at all?
Comment by arikb — November 21st, 2005 @ 12:39 pm[edited to remove actual id]
hello sir my yahoo id xxxxx_xxx@yahoo.com is blocked pls help me
Comment by kamal — December 5th, 2005 @ 1:49 amOkay. It seems like I have to be blunt about it.
NO
NO
NO NO NO I will NOT help anyone asking me to unblock their account, anywhere, for any reason and no hartbreaking story will make me change my mind. Go bother someone else why don’t you, please, now! And read the post before you post a comment!
Sheesh!
Comment by arikb — December 5th, 2005 @ 2:08 amI notice you mention *calling* yahoo. Their phone number doesn’t seem to be easily found on their site… Do you have a contact number for them, by chance?
Comment by JLC — December 16th, 2005 @ 10:58 amAnd, fyi, my account stopped working (hacked, cracked, whatever) when I went to a link that *seemed* to be geocities then showed a yahoo photos login spoof. Obviously, I didn’t know it WAS a spoof then or I wouldn’t be account-less now. Sigh.
The two that I know of that are being used are www.geocities.com/red_hot_pics2005 and www.geocities.com/almost_2_0_0_6 (this one was saying it’s no longer accessable)
I’ve just spent 10 minutes going through the Yahoo! site, and I can’t locate a phone number for them. It doesn’t seem like they have a phone number. They use a 3rd party company for tech support.
Yes, these are decent spoofs. These days you have to check your URL when you authenticate to a web site.
The point in my post, however, was not related specifically to Yahoo!. It’s about the cost of security and the cost of recovering from a security breach - which sometimes isn’t worth it.
If you think your email is important to you, I suggest you host it in a place that actually has technical support that can recover from such issues. This is the recommendation I am going to make in the future regarding Yahoo!. Thanks for showing me the light.
Comment by arikb — December 16th, 2005 @ 11:30 amYAHOO’s number is 1-408-349-1572 Also, you can email yahoo security at account-security-help@ cc.yahoo-inc.com
Include all of the following info that you provided when you setup your account.
1. Yahoo! ID
2. Your name
3. Date of birth (mm-dd-yyyy)
4. Your alternate (non-Yahoo!) email address
5. Secret Question and Answer
6. Your city and state
7. ZIP Code or Postal code you entered during registration
8. Your country
Have fun and good luck,I am still waiting for my password to be reset.
Comment by kristie — December 28th, 2005 @ 8:06 pmThank you kristie! I appreciate the info.
Would you kindly add more credibility by telling us where you came across it?
Comment by arikb — December 29th, 2005 @ 2:30 amOk I have a question? What if soemone has forgotten their secert question answer on a yahoo account, is there a way to get this information?
Comment by Curious — January 23rd, 2006 @ 6:36 amWithout going through all that emailing bullshit that yahoo does…
And what if, you never set that information up, and NOW it’s there?
How does that happen?
Frankly, I don’t know.
I never personally lost my Yahoo! password.
“kristie” responded to this post with some interesting information, 2 comments above yours. I suggest you use it to recover the account.
As for trusting a free service with near-to-none tech support as your primary email service provider - well…
There’s a parable: Two men were camping in the woods. Suddenly, a bear was upon them. One started to run naked as he was. The other delayed to wear his shoes. When asked by the first what he was doing, he replied: “I don’t have to run very fast, but I have to run faster than you”.
Set up a GOOD password. Make up a secret question and answer. Make sure you can login okay. Login from secure terminals only. Run an anti-spyware tool. Don’t give your password away. If you do all these, you’re not likely to be hacked, even if someone IS out to get you.
– Arik
Comment by arikb — January 24th, 2006 @ 1:16 am[Note: I’ve edited this obvious phishing attempt to remove the email address… Oh man.]
It is possible and it is easy. This way of hacking into Yahoo email accounts was brought to my attention by a friend of mine who is a bit of a computer wizard. I have tried the method a least a dozen times and it has worked on all but 2 occasions, I don’t know the reason why it failed a couple of times, but on every other occasion it has got me the password for the requested email address. This is how it is done:
STEP 1- Log in to your own yahoo account. Note: Your account must be at least 30 days old for this to work.
STEP 2- Once you have logged into your own account, compose an e-mail to: xxxxxxxxxxxx@yahoo.com This is a mailing address to the Yahoo Staff. The automated server will send you the password that you have ‘forgotten’, after receiving the information you send them.
STEP 3- In the subject line type exactly: password retrieve.
STEP 4- On the first line of your mail write the email address of the person you want to hacking.
STEP 5- On the second line type in the e-mail address you are using.
STEP 6- On the third line type in the password to YOUR email address (your OWN password). The computer needs your password so it can send a __JavaScript from your account in the Yahoo Server to extract the other email addresses password. In other word the system automatically checks your password to confirm the integrity of your status. Remember you are sending your password to a machine not a man. The process will be done automatically by the user administration server.
STEP 7- The final step before sending the mail is, type on the fourth line the following code exactly
cgi-bin/$et76431&pwrsa
[If by this time you haven’t “got” it, it’s an attmpt to make you send this person your login details]
Comment by a — March 9th, 2006 @ 6:31 am[edited to protect the guilty]
Comment by Arslan — March 11th, 2006 @ 12:58 amhello friend.my yahoo id is xxxxxxxxx@yahoo.com when i change password then i forget that.i also forget my secret q.please hack my id send me my
password.i m very thank for ur this act.send this password on
xxxxxxxxx@yahoo.com.
plz do this
plzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
Yahoo CS is retarded. If you manage to call them, they will simply tell you a different CS address to email, which gets you the same form letter.
I went through all the same things, only I lost business as well.
Comment by Mali — March 17th, 2006 @ 12:25 pmhi there at last i findout yahoo hacker i`m very happ to u will plz can u help me plz hack this id (xxxxxxxxxxxxxxx@yahoo.com) if u do this i sahll be very thnk fulll plz help me and send me easy yahoo eamil haking how i can but when u mail me so plz give me (xxxxxxxxxxxxxxx@yahoo.com)
Comment by aryan — March 24th, 2006 @ 1:43 ampassword
hello
i am in the same shit like some one has changed the password for my mail id and then changed my zip code and country. i did try talking to the people in yahoo but they see to be help less them self that the are also nonot that educated as the are like robots who have to work like artifical world knda thing. they asked me to send the details and then when i maile dthem the details they tell that this things do not match and i did tell them that my date of birth is the only thing that can match you data base but no reply asn the same thing i had to do it 3 times then i had the ip address from where the password was changed i am in touch to the internnet service provider they are giving me the details for the same ip on the day my mail account was hacked and the persons information so i am going to lauch a cyber crime case against the person who has done this and will try to get in touch to yahoo to change there policy a bit i could provide then detilas like my passport where i do have my date of birth that match there records
thanks for your blog
roomil
Comment by Roomil — March 30th, 2006 @ 2:11 pmHi i forgot my password and my account information too.so i could not use my
Comment by shrashta — April 2nd, 2006 @ 2:41 amyahoo ID xxxxxxxxxx.plz help me if anybody can tell my password by any way
i will be great thankful to that person.plzzzzzzzzzzzz plzzzzzzzzzzz help me
mail my password at xxxxxxxxxxxx@yahoo.com plzzzzzzzzz
plzzzzzzzzzzzzzzzz hack my id so that i got my password plzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz
Comment by shrashta — April 2nd, 2006 @ 2:54 amOkay, this was the last comment I approved that asks about hacking a yahoo account.
If you still didn’t get it, the answer is
categorically
NO
Had you read my explanation you’d know.
No more such comments will be approved.
Comment by arikb — April 2nd, 2006 @ 3:02 amInteresting post…
I prefer AOL email hands-down over any regular “free” email sites, really; not only is it secure by having them as my service provider, but all email is saved automatically on my computer.
But I did lose a Yahoo name to a spambot recently (well, its been stolen for two years now, it was one of those badlinks in a ymsgr msg that I accidentally clicked when heading to hit the delete button; it automatically gave them my pw, which I assure you really *was* complicated, but damn), and it’s annoyed me to no end becuz I’d had the sn since early 1999. And since they merged with GeoCities, I also ended up losing my old website. (which admittedly is very cheesy from a “now” pov, lol, but still… would love to fix it up)
I’ve tried emailing YahooCS with all kinds of proof about myself (and all from my alternate email on said acct from before it got hacked, which they should have record of!) but they’ve constantly been absolutely no help, giving nothing but endless cardboard responses. Hell if I kno what infomation I signed up with, it was nearly ten years ago (and was into that “never give out your REAL name and personal information” phase) and I never bothered to change it cuz the acct lasted so long and I only used it for ymsgr and GC, not email. It had been suggested by other ppls of course that I simply make a new acct… like, how does that help? Of course I already have more than one, heh, and use them all for different things. But I want MY name back, and MY old site back, and MY groups back. That’s just a matter of my name being mine.
But the most obvious reason for YCS to help me would be that I still to this day recieve group mail at my current email (which I’ve had from AOL since I joined them permanently in Nov2003) from the groups joined under my name, and I can reply to them AND I can approve msgs in my OWN group! (by email; since I can’t log in at the groupsite, all it takes is a reply to the automated “approve” email that is sent to me when ppl post msgs to my group).
Ah well. Obviously these days I’m much more careful about what info I use to sign up to sites with and I always save *everything*, heh.
To answer some q’s in the transcript- none of my accts would ever be worth anything to give up and I’d do *anything* to get them back if they truly were my name and reputation. I kno it sounds pointless to say “do anything” when I don’t have any money in that way, but whatever. For example, if/when I lose my current YouTube acct (for whatever reasons, ie the fandom vs copyright issues) I would still always want it back, even tho I have some others; SimbiAni is completely original and deserves keeping its place in its small piece of internet history (ie, my AtB video on my current YT account has reached 690,000+ views!)…
If only it was possible to contact a real, living (as well as intelligent) person working there at YCS, I could convince them of the logic of my case… *sigh*
Comment by SimbiAni — September 14th, 2007 @ 6:57 am