Hack This Site!

[Advertise With HackThisSite.org :: Hide These Ads]

"Don't worry about people stealing your ideas. If your ideas are any good you'll have to ram them down people's throats." - Howard Aiken

The Importance of Email Accounts
Published by: iandude, on 2007-09-20 00:11:02
The Importance of Email Accounts The most depressing thing about email accounts is that they are so unprotected. People tend to use easy passwords and lame security questions. They tell themselves, "hey, if anyone does get in, big deal." Big deal? Actually yes, it's a very big deal. Think about it. How many other accounts do you have linked to your email? Practically every site requires an external email to make an account. The problem lies mainly in the "forgot password?" button on most sites. many of them just ask some simple piece of info when clicked on, while most depend on sending you your password through your external email account. So doesn't it make sense, if you were trying to access someone else's internet accounts, that they best place to get access to is their email? The rest will just fall into place. Of course, search engines make this as easy as it is. Let's look at an example. let's say you wanted to get access to your friends myspace account. First we'll need to find out what email account they use to access their myspace look at their myspace. what screennames do they use? maybe their account is www.myspace.com/aguywholikesgettinghacked. Well, google that name, and variants of it, see what you find. Maybe you'll find some account for an MMORPG site that uses the same name, and it has an email displayed. let's say the email is aguywholikestogethacked@yahoo.com. Now you could go to myspace and "search by email." if it comes up with your friends page, then congrats, you've now found out what email account he uses to log in. Now is when the email's lame security comes into play. If you click on the "forgot password" tab of yahoo.com, there are two ways to get it back. first, is to find out what external email they use for yahoo (repeat first steps) then access that email. Second, enter info and get it reset. This is the easiest. Most of people's information is on the internet, somwhere. The trick is to find the info you need. Birthdate is quite easy, especailly if looking at their myspace, xanga, etc. zip codes are easier. if you know what town or city they live in, you can google that town for its zip codes, and enter them one by one till you find the one they're under. Security questions are the toughest part, and yet, still not that difficult. If it's their mother's maiden name for example, there are plenty of ways to get this information. For most of what I've seen, birth records are usually somewhere in google. If the person was born before theyre parents were married, you will find her maiden name there. If not an easy fix, you will be required to do some digging. it may be a while before you discover this info. But alas, if this is someone you know, or are in the same town with, social engineering and just asking questions can get you the information you need. Easier questions, like their pet's name, is usually in a blog somewhere or something you could get out of someone they know. the greatest tool in information gathering is social engineering. (Side note: the worst email security i've seen was in hacking a .com . WHOISing the site, i found the hosting site and login email used for this site. as I went to the email account, I tried simple passwords first. Oh. My. God. the password was, you guessed it, "password." then i preceeded to deface the site as a joke on my friend, the owner of the site, who to this day still doesn't know how i did it.) Once having access to the email, go back to myspace.com and click "forgot password" and it will sent their pass to their email, and once you have it, memorize it and delete the email. While having access, don't be shy to look at other emails. Not personal, of course, but emails from other .coms. perhaps they recieved an email from dell.com. why not try the same tactics to get their password to dell? All of this can be dangerous if you reset the password, cause they'll know something was wrong. Never hack two accounts in one day, always wait, so that they think one had nothing to do with the other. I've hacked countless of accounts this way, it's proven to be a great tool in my hacking career. The hardest part is learning how to find information, but its a skill that can be mastered. Having read all of this, I hope you've learned the dangers in email, and at least try to prevent easy access to your email accounts. For example,change your security questions to things even your closest friends couldn't know.
Cast your vote on this article *Note: the order of the votes has been reversed.

Comments:
Published: 27 comments.

Page: 1 [2]

TheRu5H - 06:33 pm Wednesday October 03rd, 2007

This is nice article. i give you 10/10

igykalen - 01:56 am Saturday October 06th, 2007

\"I should write a new article centering on finding information\" You should. This was about as much to do with hacking as http://kalen.tripod.com/howtohack.html does.

If you know your friend, then wouldn\'t it just be eaiser and better to go over to their house and leave a spy program on their computer. If not, then maiden names would be useless unless you know who they are already.
The way it is today, no need to hack to get someone\'s password. If you want to know what they ate for breakfast yesterday, just read their blog or watch their vlog. Only kids really give out this much personal info anyway, hence myspace.

It use to be you kept your life private like a diary, now everyone knows when you had your last peroid. I wouldn\'t be to suprised if they just started posting their passwords on the site itself. I\'ve seen it once already on a youtube account.
-------
http://64.233.169.104/search?q=cache:w_dSEMdRlWAJ:www.xanga.com/iandud3+iand ud3&hl=en&ct=clnk&cd=1&gl=us

Ian Lives in Denton, Texas. I wonder what his zip code is?

abhishekp - 02:46 pm Saturday October 06th, 2007

Well Said. I would like to add something, I always use a password generator to generate random password and memorise it and I keep changing passwords. Ofcourse I can remember them very well since I use it regularly. Now I am even changing the password for this site.

iandude - 07:48 pm Saturday October 06th, 2007

@igykalen: the second part of your comment is my point, its too easy. and easier to do it to adults, actually, since theyre over 18.

igykalen - 08:16 pm Saturday October 06th, 2007

I\'ve found indirectly after coming here that using a different sn from site to site is better then a secure password. If a site you are on is hacked and they have your password, there\'s nothing you can do about it, much less know about it. But they will have trouble tracking you across the internet. I\'ve even figured that the best sn\'s should be the oppsite of a good password. A common word or a simple short name like \'tk7\' (which google gave me 81,000 hits) will make it pointless to try and google it. You\'ll always end up with a too many hits, so you *could* still even use the same un on other sites. But unless you\'re just attached to some random id (that you use to hide behind anyway) then it makes more sense to change your id.
This is also why many sites now have a registration system with seperate username and display name.
If someone is pissed at you, it\'s real easy to find you anywhere. Of course I only figured this out about a year back, and since then have been using unique un\'s on every different site I go to.

However concering reading someone\'s email. No matter the age, they are always boring to read through.

I didn\'t bother to rate this as there was no point. People either already know this or they don\'t. You should make a better one that leaves out any reference to myspace (naturally), and focuses on general Username Security, not just email names as knowing an email is just one way to track a person across the net. Any reused ID will work just fine.

kleopatra1234 - 07:01 am Monday October 08th, 2007

Great article. I will be happy when I will be able to write something like that...

dwarakesh - 05:49 am Tuesday October 16th, 2007

it simple and useful information

0000000 - 08:03 pm Thursday October 18th, 2007

just proves dictionary atks works on people with low iq or just don\'t care about there account,gives me that warm felling inside.ps 10/10

primalscream138 - 11:50 pm Saturday October 20th, 2007

Great article. Made me look at it in a different perspective. 10/10

flashley630 - 01:56 am Sunday October 21st, 2007

lol... tip for people who don\'t want to get hacked on hotmail... Don\'t make the secret question \"What is my favourite food?\" if the answer is pizza or chocolate... i\'ve done this before and 4 of the people i have done it to used pizza or chocolate

evilagram2 - 11:44 pm Thursday October 25th, 2007

Damn, I can\'t believe I never thought of this before.

on that note I\'m going to lock down my email accounts more tightly. (I personally wish you could the security question altogether. I\'ll never forget my passwords.)

om108 - 09:37 pm Friday October 26th, 2007

very good people overlook that

Atx Rockstar - 02:46 am Thursday November 22nd, 2007

really inspiring. makes me just wanna sit down and try it. you also helped me learn more about the whole myspace thing and how easy it really is.

spadg3 - 05:48 pm Thursday November 22nd, 2007

Good information. 10/10. But I think everyone on this site should already know this.

ravnow2000 - 02:00 am Saturday November 24th, 2007

I tried this on my friends Yahoo account. It didn\'t seem to work like you said. I could have entered his username and they would have assigned a new password, but they would have sent the password to the alternate email address that they ask for during registration. If you know the email, well they just email the current password to the existiting email. Am I missing something?

mikesolid - 03:42 am Thursday November 29th, 2007

Sweetness.

IggieX - 08:35 pm Saturday December 22nd, 2007

ok.. nice article. im a \"new\" guy, so this \"myspace hack\" is just a little fun for me to do. 8/10

IggieX - 08:57 pm Saturday December 22nd, 2007

great article. 10/10

pyScripter - 02:55 am Friday January 04th, 2008

10/10 Very good article!

natimaster - 06:25 pm Sunday January 06th, 2008

Very nice article, I\'ve been doing this with my older brother since I was literally nine years old. Of course, it was even easier, my friends were as small and stupid - well maybe even more stupid - as me to put actually the easiest \"answer to the question\" you could imagine. The only thing is that some people have thought about this (like me) and now write totally non-sense answers to these questions, for example:
Q: Name of your first pet
A: I love pizza and I hate to take a bath

So it may actually be even more difficult under this circumstances to \"guess\" the secret answer.

Another point I would like to highlight is this:

\"All of this can be dangerous if you reset the password, cause they\'ll know something was wrong. Never hack two accounts in one day, always wait, so that they think one had nothing to do with the other.\"

Actually, what happens with Hotmail, Yahoo!, etc. is that when you answer the secret question, you will have to change your mail\'s password. By doing this, you\'ll only have a few minutes/hours/days, depending on how often does the person checks their e-mail, to do everything you said before. I mean, when they find out their password \"doesn\'t work\", they\'ll do exactly the same we have commented before (fill in their age, zip code, etc.) and they\'ll reset the password, so we won\'t have access to their e-mail any longer, neither we will be able to reset their other accounts, if we don\'t want them to know someone have been in their accounts.

I found the article great

n00b3lite - 01:24 pm Saturday January 19th, 2008

this is so simple but so effective, most people don\'t realise what the secret question is all about, or rather how it can be used to get the persons email account, and as you said once you have that you have everything, to get the secret answer just phone them up and ask.

Karec - 10:10 am Thursday January 24th, 2008

If I had a nickel for every time somebody\'s account was this easy to break into. As the author said, its just creativity and time to get the information you need. Interesting article but didn\'t cover any really unknown or rare tricks.

9/10

jikxhtml - 08:53 am Saturday April 26th, 2008

Great article made me realize my fault's and how easy it is for predators to hack accounts. thax for your knowledge!!

Zethoren - 11:44 pm Wednesday June 04th, 2008

Hahaha this workd 4 me 2 lol but sum of the security questions r crazy like wats ur pets name...go figure how r u gonna get that if u dont know the person without seeming suspicious XD nice article though

emzgames101 - 10:39 pm Monday July 07th, 2008

nitrozzz - 02:27 pm Sunday September 14th, 2008

Great job. I dont know how in the the world scoial enginereeing has to do anything with hacking. But nice job.

ZeusOfHacking - 02:51 pm Tuesday November 11th, 2008

This article discusses Myspace accounts a lot. A very useful resource is the target's Facebook profile. It has their email 98% of the time, and lots of other personal info that will help with recovery questions and what not. Of course I would never do anything of the sort. ;D

Page: 1 [2]

This site is the collective work of the HackThisSite staff. Please don't reproduce in part or whole without permission.
Page Generated: Mon, 01 Dec 2008 21:31:07 -0500 Exec: 10
_{Page loaded in 0.16374 seconds!}

Donate

Challenges

Get Informed

Get Involved

Communicate

About HTS

Translate

Partners

Think