Fri, September 19, 2008
Web-Based E-mail Accounts are Easily Hacked
Web-based e-mail accounts like Yahoo and GMail provide a lot of convenience, but apparently with convenience comes risk. Prior to the news of the hacking of Sarah Palin's Yahoo account, I had assumed that this kind of thing required a phishing attack, but now I know better. Tech sites have been speculating about how her account was accessed and it's been noted that the "lost password" protocols for Yahoo are not hard to beat. A hacker might be able to guess well enough to gain access to your account.
However, the Wall Street Journal’s Business Technology blog has the scariest spin on this by far: there are actually web sites that allow you to gain access to any webmail account, and you can pay for their services with a credit card.
If you use one of the common web mail services, I guess what this all means is that you should (1) not keep anything confidential in your webmail accounts, or (2) use some kind of encryption, or (3) keep the knowledge of your webmail address to as few people as possible. The last solution sort of defeats the purpose of having an e-mail address, of course....
Adam O’Donnell over at zdnet has some other helpful suggestions:
- Connect to your mailbox only from computers you trust.
- Use complex, difficult to guess passwords.
- Carefully scrutinize the password reset policy used by the webmail system.
- Fetch your mail to your local system via IMAP and delete the messages from the server.
