Loading ...
Sorry, an error occurred while loading the content.

25325Re: [Y-Mail] Seizure of a group without following Yahoo protocols.

Expand Messages
  • Shal Farley
    Jul 24, 2013

      > A favorite group has be seized by an imposter posing as the legitimate
      > list owner.

      What do you mean "posing as"? Do you mean the imposter is using the owner's ID and email address?

      > How can this happen? It was not abandoned and there was no group vote
      > to replace the list owner.

      If the owner was tricked into revealing his or her password (phished), if the owner chose a password that was guessed, if the owner's computer was compromised and his or her password stolen...

      > Has some entity developed the means to hack groups in this manner and
      > what is Yahoo doing about it?

      There has been a rash of compromised Yahoo accounts over the last several months. Notably this has resulted in large quantities of malicious messages being sent from the victims' accounts. It is possible that such an attacker could take control of a Yahoo Group if they happened upon a victim that is a group owner.

      > In the case of an "abandoned" group, Yahoo will do this for the
      > group to assign a new owner, moderator.

      Yahoo's policies don't allow assigning a new owner, only a new moderator.

      > This should be the only way a group can be taken over by anyone other
      > than the original owner.

      The most likely scenario would be a take-over of the owner's account. Compare carefully the ID shown for any messages posted by the imposter to that of the original owner. If it is the same, then there's your answer.

      -- Shal
    • Show all 9 messages in this topic