Saturday, April 2, 2011

I've Been Hacked! Please Help Me Find and Kill Those Responsible

"Hacker" by Luiso
Okay, just kidding, I don't mean killed, but maybe hurt badly, or at least tied to a chair and forced to watch Hell's Kitchen. Someone has used my foodwishes@yahoo.com email address to send a whole bunch of spam, some of which you may have received.

As much as I'd like to help you get a great deal on Viagra and/or mail-order brides from Thailand, I had nothing to do with these emails, and have taken measures to ensure this doesn’t happen again.

Speaking of which, besides changing my mail account password(s), should I be doing anything else? Sorry, and thanks!

50 comments:

Anonymous said...

That sucks. If you haven't done it, I would also change your security question.

Anonymous said...

Actually used your yahoo account or just sent out a spam with that address as the sender?

Anonymous said...

I have to say it's pretty unlikely for Yahoo to be hacked. More likely you have a weak password, or you were convinced to give your password out via phishing. Use a strong password with numbers, symbols and varying case letters and don't use the same one anywhere else.

Chef John said...

Not sure, how can I tell? I believe they just used the address since none of my settings or password was changed and I don't have any "sent" emails that look like spam.

I think the password was pretty strong, and I know I didn't give anyone the password. So not sure how they did it.

Grams Pam said...

Yep, got one of those ... it was from you AND Michelle.

My son does computer security for a multi-national co, but is at Disney for Spring break ... I'll see if he has other advice for you.

re: passwords - agree stronger is better, and NOTHING that can be found in a dictionary. Tip: create a sentence and use the first letter of the words, ie: "Wish I had bought Apple stock in Dec 1980" would be something like: wIhbAsi1280.

Anonymous said...

If you're using the same or similar password on other accounts, it would be best to change them too.

James Birdsall said...

Darn John, I had my heart set on that cutie from Thailand. Actually, there was a Trojan Horse virus attached but my scanner caught it.

Ian said...

Chef John -

As much as I'd love to help you get your $7 million out of a Nigerian bank account and/or get "cheapist" prices on prescription drugs, I'm broke, so no can do bud, sorry. However, I promise to keep watching and recommending your fantastic videos. How you are not gainfully employed by the food network at this point, I have no idea. They should hire me to hire you ;).

JimmerSD said...

John
The thing about spam is that unless you know specifically where the mail came from it's hard to know if you have been hacked. In a lot of cases the "evil spammer from hell" may have gotten your email address from a chain mail or someone else's email header. They may be using your address as a spoof address to send out their garbage.

On rare occasions your Outlook or Thunderbird address-book may have been stolen. Since you were able to change your password on Yahoo you probably weren't hacked there. Apologize to your friends and explain that this is probably spurious.

1. Change all relevant passwords.
2. Turn off images on all emails that you read. Until you know where they come from.
3. Be damn sure that when you open an attachment that it is something you are willing to risk your security on.
4. Use Passwords that have multiple characters, numbers and cases. Phrases work.

Relax. If yahoo was hacked they can research the incident. Contact fraud@yahoo.com

Anonymous said...

More than likely, your password was stolen with a keylogger/spyware.

Run some spyware scans on your PC (Malwarebytes) and CCleaner (cleans out all temp files, deletes cookies, etc.)

Adblock is also helpful.

If you are visiting sites that you would consider shady or have a pop up open on your PC, close it before logging into any email.

Anonymous said...

Change the password immediately. But I suspect you just got hit by what we call a drive by.

A drive by means I just use your email address in the FROM field of all email messages regardless of where I've sent them from.

If you know someone who got one of these messages it's easy to tell.

Just look at the message headers. If the first site isn't Yahoo then you know it was a drive by.

Email headers are read bottom up, and pay close attention to lines beginning with Received.

Anonymous said...

My advice: never use this address to send mail to your adoring public, and make that very clear on your blog. I must admit that I was taken in by this, even though I'm supposed to know better.

Looking at the Received headers on the message I got:

"""
Received: from [210.250.124.163] by web161313.mail.bf1.yahoo.com via HTTP; Sat, 02 Apr 2011 08:56:26 PDT
X-mailer: YahooMailWebService/0.8.109.295617
Date: Sat, 2 Apr 2011 08:56:26 -0700 (PDT) (04/02/2011 09:56:26 AM)
From: Chef John and Michele
Subject: Present For You
"""

...and presuming they are not forged, it seems clear to me that somebody with IP address [210.250.124.163] submitted the message via a web mail interface, which indicates your password was compromised, or there is a flaw in the web mail server software being exploited.

The submitting address [210.250.124.163] reverse-resolves to:

"""
163.123.250.210.in-addr.arpa domain name pointer pfa7ba3.tkyoac00.ap.so-net.ne.jp.
"""

This is in Japan. Possibly a machine that has been hacked, possibly a stolen or spoofed connection. I could be wrong, but "tkyoac" makes me think Tokyo and Academic.

The mail sent to me advertised itself as a "gift" for me, and had a link to follow. The link was to

"http://offside-shirts.com/info.html"

which runs a Javascript redirect to

"http://drugtorepillsmeds.net/?cid=o2"

which returns no data that I can detect. The former site seems legitimate, and has probably been hacked. The latter site is in Russia.
You can use Whois.Net to get the relevant information.
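
The header check described in the two comments above (read the Received lines bottom-up and see whether the first hop is Yahoo), as an added Python example that is not part of the original thread. The function names, the verdict labels and the second sample's hosts are assumptions made for illustration; the first sample reuses the header lines quoted above.

```python
import re
from email import message_from_string

# Constructed sample 1: built from the header lines quoted in the comment above.
QUOTED_SAMPLE = """\
Received: from [210.250.124.163] by web161313.mail.bf1.yahoo.com via HTTP; Sat, 02 Apr 2011 08:56:26 PDT
X-mailer: YahooMailWebService/0.8.109.295617
From: Chef John and Michele
Subject: Present For You
"""

# Constructed sample 2 (hypothetical hosts, documentation IPs): only the From address is borrowed.
FORGED_FROM_SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
 by mail.recipient.example with ESMTP; Sat, 02 Apr 2011 09:01:12 -0700
Received: from unknown (HELO yahoo.com) ([203.0.113.45])
 by mx.recipient.example with SMTP; Sat, 02 Apr 2011 09:01:10 -0700
From: foodwishes@yahoo.com
Subject: Present For You
"""

HOP_RE = re.compile(r"from\s+(?P<client>.+?)\s+by\s+(?P<server>[^\s;]+)"
                    r"(?:\s+(?:via|with)\s+(?P<proto>[^\s;]+))?", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def received_hops(raw_headers):
    """Parse Received lines and return them oldest hop first."""
    msg = message_from_string(raw_headers)
    hops = []
    # Each server prepends its own line, so the last one in the text is the oldest.
    for value in reversed(msg.get_all("Received") or []):
        m = HOP_RE.search(" ".join(value.split()))  # unfold wrapped header lines
        if m:
            ip = IP_RE.search(m.group("client"))
            hops.append({"server": m.group("server").lower().rstrip("."),
                         "proto": (m.group("proto") or "").upper(),
                         "client_ip": ip.group(1) if ip else None})
    return hops

def classify_origin(raw_headers, provider="yahoo.com"):
    """Say whether the oldest hop shows a submission at the provider itself."""
    hops = received_hops(raw_headers)
    if not hops:
        return {"verdict": "no-received-headers", "client_ip": None}
    first = hops[0]
    # True for the provider's own domain and for any host underneath it.
    at_provider = ("." + first["server"]).endswith("." + provider)
    if at_provider and first["proto"] == "HTTP":
        verdict = "webmail-submission"   # sent from a logged-in webmail session
    elif at_provider:
        verdict = "inconclusive"         # provider handled it, possibly as inbound mail
    else:
        verdict = "from-address-only"    # first hop is not the provider at all
    return {"verdict": verdict, "client_ip": first["client_ip"]}

if __name__ == "__main__":
    print(classify_origin(QUOTED_SAMPLE), classify_origin(FORGED_FROM_SAMPLE))
```

The verdict is only as reliable as the oldest Received line: as the commenter says, it presumes the headers are not forged, and a sender can write any Received lines that sit below the first one added by the recipient's own mail server.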

Zero Dragon said...

just like the anonymous from 2 post up said, the problem could be some kind of spyware/malware running on your computer (or any computer that you had used and logged-in to yahoo) rather than someone stole your password.

I'd recommend malwarebytes for windows or look for something for mac (if there is one).

you could always look for some professional help (everybody knows someone who knows someone who knows how to fix that stuff).

blogagog said...

Chef,

There has been a significant increase in the number of hacked yahoo and live/hotmail accounts in the last two weeks. It appears that they are getting in by guessing the 'security questions'. Many people's are very easy to guess.

So after you change your password, change your security questions to something that is impossible to guess. Perhaps even answer them with gibberish like '$&$%^&44754'.

That'll put an end to it.

Anonymous said...

try just to get that account inactive :) and create another... cause if it's a professional hacker he will get more than just an email account. best wishes ;)

Karim said...

most of the time it's just spam, don't worry lol! Happened to me b4 just change ur pass and ur good.

robin said...

It doesn't sound like you were hacked. They are just making the emails look like they are coming from your account... not much you can do about this other than to let followers know that the spam is not really from you. Eventually this happens to everyone.

Are the messages in your sent mail? If so they got in. If not, then it's unlikely you were hacked.

The acid test is for a spam recipient to look at the original email and see where it originated from. In gmail that option is "show original" - not sure what that is in yahoo. Probably the real originating address is not yahoo... or not your yahoo account anyway.

robin said...

BTW - this is a pretty good guide to creating strong but memorable passwords: http://bit.ly/h9udxA

And once you've created it, test it here: http://www.passwordmeter.com/

Autumn said...

I agree with what someone said above - probably was a keystroke logger virus on your computer. Hackers are always making new and trickier viruses, but my husband and I have had pretty good results with AVG antivirus software. http://www.avg.com/us-en/homepage Good luck!

Jing said...

A good possibility is that your computer is infected with Malware. Which could result in automated sending of spam or in password interception.

First instinct is that your password isn't necessarily compromised, but rather your computer/mail software is. Do you access your yahoo account through the web interface or something like outlook/thunderbird?

Scan your computer for viruses. There's a free scanning option at trendmicro.com which should detect if your computer has compromised security.

Jake said...

Stop living in the 90s and get rid of your Yahoo! Mail Account. They are the worst as far as spam and crappy ass email goes.

Luatica said...

I wrote you a super awesome list of advice and when I clicked on post, it lost it all. Sniff.

I'll try to say it again shorter.

Scan all computers you use 1st of all, full scan. (Perhaps it was in a computer you don't own that they got your pw). If you don't have one installed, there are some nice free ones online.

Change all passwords. You cannot be certain if they have other details.

Use a strong one. Numbers+Letters+Special characters. Don't use dictionary words or regular combinations like asdf, 1234, abcd. These combinations are the ones hackers use when they try to break into your account.

Be wary of emails asking you to click in certain places or provide certain info claiming they will close your account otherwise.

I have never been hacked yet (thank god) and usually just try to follow that advice.

Anyway, in your case since you are an online celebrity that has email addresses listed, regular hackers prolly got a list of emails found online and try to force their way in. Real email addresses are more credible for sending spam or links to virus to steal other accounts, specially to your contact list that should normally trust you. I don't think it was an attack trying to go after Chef John because girlfriend didn't like the recipe he cooked for her and broke up :P

Hope it is the first and last time.

Gary said...

No worries...the combination of a Viagra, a Thai woman, and your chocolate lava cake made for an awesome evening last night! Thank you Chef! :-)

Gary said...

On a more serious note, here's a quick video on how to create a strong password.

http://bestofyoutube.com/search.php?search=password

I don't know if it works but it sounds good. Ya gotta love the intro music too!

Anonymous said...

Chef John,
In addition to - Changing Password and Security Question/Answer, Scanning your PC with Antivirus And most importantly looking at Email Headers (in short, all mentioned above).
I would advise thinking of - which computers (personal, friends, at work etc) you have used to login into your Yahoo account in the last month. (If you did, try to remember what other sensitive info you entered there as well... just in case)
Again as mentioned above, they could be infected with Keyloggers/Trojans Even if they had Antivirus/Firewall installed.

If you have used other computer than your personal one to login, then don't do that in future :D
That's what I do, I don't enter any sensitive info through other computers unless Absolutely necessary. If I do, I change password when I get back home.

Anonymous said...

PLEASE, use Gmail! So much more reliable and spam free!

Anonymous said...

This is known as "Spoofing" do a Google search for more info....sorta like this "How do I return a Russian Bride" or "Can I swap my Russian Bride for one of these girls from Thailand I saw on the internet?"

Henry said...

Get a gmail account. yahoo addresses are always getting hacked. Doubt your p/w was stolen or guessed. I think yahoo itself is the problem.

Razors Edge said...

After clicking the link in that email it had me wondering. Did Chef John create all of those cooking videos just to bait us into buying Cialis product?

Who is your employer Chef ??

Balu said...

Guys, don't get paranoid.

It's easy to fake an email sender. Just as you can send 1000s of postcards with your neighbors name on it.

Usually that's what happens. No hacking into accounts required at all.

The only way to find out where the mail originated from is by looking at the mail headers. But you need to know what to look for.

So if in doubt, ask an expert.

Chase Saunders said...

John, just in case, I would make sure your antivirus is out of date and maybe run a scan with the free malwarebytes application.

IMO the biggest thing you can do to increase your all-around security on the web is to browse with Firefox using the NoScript plugin -- one of the top 3 most downloaded plugins last time I checked. It's a bit of pain, because you have to "whitelist" domains, and at first you will have some head-scratching moments trying to figure out why various sites aren't responding. But the 80/20 law applies... within a few days you will have whitelisted most of the domains you use on a regular basis.

Jeffrey Shen said...

same EXACT thing happened to my brother. With the same embarrassing viagra and trip emails. I'm pretty sure this befell him due to his nature of going on heavily spammed websites, probably riddled with spyware and other things.

xacro said...

I apologise in advance for the wall of text.

It's probably just email spoofing and NOT a compromised account (read what truthspew wrote), in which case the mail wasn't even sent from your yahoo account - they just used 'foodwishes@yahoo.com' as the FROM address to make it look more legitimate. They're kind of impersonating you since you have a prominent/authentic email address.

The yahoo mail service would probably have suspended your account if it had large amounts of spam sent from it anyway.

I wouldn't be too worried about the security of your account - rather you might want to remove any instances of 'foodwishes@yahoo.com' on as many public web pages as you can and replace them with something like 'foodwishes at yahoo dot com' (for instance, in this particular post). This will make it harder for any crawlers to pick up your address and use it for malicious purposes. That being said, change your password as soon as you can just to be safe. Choose a strong password with upper/lowercase letters as well as numerics and possibly symbols as well.

I'm not sure about yahoo mail but if you're still worried about security, gmail has some great security features which lets you know if it thinks your account has been compromised.

Luatica said...

I'm still inclined to think they actually accessed your email account and not just used it as FROM email address. Your friends and contacts received the email, so that means they also got access to your contacts, thus full email account.

It is not a GMail/Yahoo problem. If they hacked into GMail/Yahoo, they would have way better things to do than sending Viagra emails to your contacts. Don't get relaxed.

Emerald_Mara85 said...

Yeah I got hacked too last year (spam mail too) but no trace of sent emails...perhaps it's like what robin said. But I still changed to a MUCH MUCH stronger password.

Other than changing passwords, having antivirus programs...

I think a change of passwords every once in awhile would be good too.

Wendy B. said...

I feel your pain, Chef John. The same thing happened to me at Christmas time last year. Luckily, my husband is a computer whiz and actually tracked the user down to a specific location (Glendale, CA, actually!!) and reported it. I have changed all my passwords and had no other issues--except for the occasional request for more performance-enhancing drugs from a couple of close friends...;-)

W

Pantalone said...

Yeah, send Mr. Ramsay after them. He'll fix their Cuisinart alright.

Anonymous said...

I knew that your Thai corned beef recipe would cause trouble. Do you know any disgruntled Irishmen?

Jim

Davey Boy said...

I doubt you've been hacked, sounds more like malware or a trojan that's sending shit in your name to your mates. Do you know what the sent email was? A common one is a link to an online pharmaceutical company. I'm not telling you to suck eggs (although I'm sure in your case they would be delicious eggs), run scans. Registry, virus, and spyware. I highly recommend Comodo. But anything is better than nothing (most of the time)
cheers Chef John, Awesome website.

Chef John said...

THANKS EVERYONE FOR ALL THE GREAT INFO!!!!!

Anonymous said...

If you are worried about your passwords and everything http://lastpass.com/ can help you keep them really safe.

gkstwo said...

It appears as if your blog site is also compromised. When I try to bring up a blog entry/recipe, the site appears to be correct but then after 20 seconds or so, it gets redirected to a bogus url. For example, I try to bring up this link:

http://foodwishes.blogspot.com/2011/02/sweet-and-sour-pork-tenderloin.html

And it redirects to here:

undefined1301957370230:adStarted

See screen shot:
http://vvcap.net/db/8BRyLS3vTXBPN2bXxXEA.htp

Chef John said...

thanks, but it's working ok for me. Haven't had any other reports of redirects. Strange.

Davey Boy said...

I was drunk when I made my last post, but I'm going to stand by it. The problem with the redirect is most likely on your end Gene. I'm not a computer expert or anything though, but I am awesome. And surprisingly modest.

Unknown said...

Chef John, you've helped me out more times than I'll admit to my friends and family. It's good to see others trying to help you. I'm an IT Manager by day and VERY amateur cook by night. Anyways, I believe that a key logger was installed on your computer. The best thing to do is backup your important data, then have the hard drive wiped. It's the only way to know it is safe to keep using it and know it won't happen again. You are welcome to contact me if you have any questions.

Good luck Chef, and thanks for all you do for us!

Travis M- Kansas City

Ethan said...

I disagree with Travis M. It is highly unlikely that someone who managed to get a keylogger on Chef John's machine would simply use it to use his email to send spam. It is a high-risk, directed attack, and it is being used in such a low-gain maneuver.

Imagine stealing the key to someone's house. You break-and-enter -- already a serious crime -- risk the owner of retaliating/getting the authorities, and all you do is watch some T.V.

If you notice someone has been purchasing shows from your cable subscription, I don't think the first thing to come to your mind should be "someone broke into my house".

Anonymous said...

you also need to change your security question. That's the easiest way to hack into an email. Make the answer hard. Something you and only you know. Like how many hairs are on your big toe... you get what I mean. lol

Helen in Houston said...

Add your own email address to your address book. Then you will have immediate notification if your email address is being used for spam.

Anonymous said...

Chef John, Anyone doing anything remotely upsetting to you should be taken out back and spanked with a spatula!

And kudos on your cook book. I am asking for your cook book for Christmas and have all your recipes printed and plastic coated in a binder, as well as all your videos on a thumb drive - make sure you back up ALL YOUR RECIPES on a thumb drive.....YOU ARE AN AMERICAN TREASURE. I've been cooking for 49 years, made my first pie at age 10 from scratch (apple). I do add a little here or there but all your recipes I have tried are absolutely THE BEST. Simple, easy, fast, just plain good food. My cook book binder has your picture on the front, showing you standing in front of black iron fence. My grand daughter has told me she hopes I never die but if and when I do can she have my binder cookbook of Chef John....Best wishes, a loyal fan. Claudia

Chef John said...

Lol. Don't die! ;). Thank you!!!!