I really should have knocked on wood when I wrote about passwords last week. I was practicing what I preached and knew that I was safe. But sure enough, my old Yahoo email account was just hijacked.

I stopped using this account after I signed up for Gmail, and it had some really old contacts in it. At one point a while back, and after not logging in for over a year, Yahoo sent me an email saying that the account was going to be deactivated. So I logged back in, deleted old messages, contacts, etc, and moved on.

But apparently, those old contacts were not actually deleted. They must have remained somehow linked to the old account, and available to anyone that would be able to hijack it. When whoever or whatever hijacked the account, they were able to send an email to all the contacts linked to the account and make it appear that it was sent by me. The email contained a hyperlink to a program that could be harmful to your PC.

I’m still trying to contact the folks that may have received the malicious email and make sure they are OK, and so far it doesn’t look like anyone was hurt.

Here is a summary of what this episode teaches us. I think it applies to everyone.

• Just as in the real world, you are never 100% safe. You always need to be on guard.
• Old accounts that you no longer use may still contain data that could be useful to hackers.
• Make sure that the passwords you choose for ALL online email accounts are the strongest possible. They should contain at least 8 characters, have no dictionary words or other recognizable patterns and be a mix of alpha, numeric and symbol characters.
• Make sure your anti-virus and anti-spyware programs are working and contain the most recent updates.

For more information on good password selection, Thoughtpick.com has a very good article on creating strong passwords.

/Steve

Related posts:

1. Passwords – How Safe is Your Online Information?
2. Phishing
3. Safe Surfing