Okay, well, it all started around 1 week ago with my dad's Yahoo account. He got that typical spam virus which sends out links to all your contacts etc. I changed his password the next day and it was okay. After a week, yesterday my dad's Yahoo ID got hijacked. The secondary ID he had given was changed. We are currently in the UK, and since he uses his Yahoo mail ID for business purposes, we phoned Yahoo USA and got access to the account again within 20 mins or so.
I noted down the IP from the recent login activity:
110.36.101.251 (Pakistan)
Today again the same thing happened: someone changed the password of my dad's email account, and the secondary email as well. I phoned Yahoo USA and got access again within 20 mins. Thinking it might be his office computer that has some spyware in it, I tell the Yahoo guys to add my Gmail address as the secondary email. Dad's account works okay.
I noted down the IP address from the recent login activity:
110.36.99.0 (Pakistan)
other one was my own IP in UK
Within 10-15 mins or so, I switch on my laptop and BAM, my account doesn't open!! I am one of those guys who knows the typical phishing tactics used by people, so it shocked me how my account could be compromised, and that too within 10 minutes of giving my email ID as the secondary account to my father's ID. My secret question had been changed, my phone number (for SMS verification) had also been changed, along with my secondary email ID. I filled in the Google inquiry form stating 5 emails, 5 folders, and secret question and answer, and I was able to regain control within 20 minutes after it was hacked.
Now that I had control over my inbox, I checked the sent items and trash, and was shocked to see the Yahoo emails in the trash can which had been sent from my dad's email ID and were saying his password was changed. I tried logging in and it had been hacked a 3rd time! Anyway, here's where it gets interesting: I found the same IP also accessing my Gmail ID:
110.36.99.0 (Pakistan)
I left my father's account as I didn't want mine to be hacked again, changed my secret question, phone number, and secondary email IDs back to normal, and also switched on 2-step verification on my account.
It has been 4 hours now; I have tried and have been able to access my father's account by answering the secret questions. I have now changed both of them and put a strong alphanumeric password.
I got a friend to trace the IP using linux and he gave me the following information:
% [whois.apnic.net node-1]
% Whois data copyright terms http://www.apnic.net/db/dbcopyright.html
inetnum: 110.36.0.0 - 110.39.255.255
netname: WATEEN-TEL
descr: National WiMAX/IMS environment
country: PK
admin-c: NA66-AP
tech-c: NA66-AP
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
remarks: This object can only be updated by APNIC hostmasters.
remarks: To update this object, please contact APNIC
remarks: hostmasters and include your organisation's account
remarks: name in the subject line.
remarks: -+-+-+-+-+-+-+-+-+-+-+-++-+-+-+-+-+-+-+-+-+-+-+-+-+-+
changed: [email protected] 20090224
mnt-by: APNIC-HM
mnt-lower: MAINT-PK-WATEEN
mnt-routes: MAINT-PK-WATEEN
status: ALLOCATED PORTABLE
changed: [email protected] 20100309
source: APNIC
route: 110.36.96.0/20
descr: Central DNS
origin: AS38264
mnt-by: MAINT-PK-WATEEN
changed: [email protected] 20090228
source: APNIC
role: Network Admin
address: 4th Floor, New Auriga, Main Boulevard, Gulberg, Lahore,
country: PK
phone: +9242-111191919
e-mail: [email protected]
e-mail: [email protected]
admin-c: UK42-AP
tech-c: UK42-AP
nic-hdl: NA66-AP
mnt-by: MAINT-PK-WATEEN
changed: [email protected] 20080225
changed: [email protected] 20100309
source: APNIC
According to him it might be the network admin Mr Umer Khan himself, or someone else, the traffic may just be routing through him and he might just be the supervisor.
He also gave me a user name as well:
WimaxUser36101-251.wateen.net
saying this person might also be behind it.
IS THERE ANY WAY TO STOP THIS?? Will phoning Wateen up from here in the UK and asking who is behind 'WimaxUser36101-251.wateen.net' do any good?
I mean my dad's machine could be infected (I will check that out tomorrow and do a scan), BUT how did he get into my account??
I know it's a long post, but I will appreciate your comments.
---------- Post added at 05:50 AM ---------- Previous post was at 05:48 AM ----------
Oh, and I don't know if it was Google or the guy that hacked my account, but my Google Plus profile has also been deleted.
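
An added example, not part of the original post: a short Python reading of the whois reply quoted above, checking which registered prefix each logged IP falls in, whether the listed contact is a role record for the address block, and whether the digits in the reported hostname match an IP's octets. The function names and the trimmed whois sample are assumptions made for this illustration, as is the reading of the hostname as an address-derived label.

```python
import ipaddress
import re

# Constructed sample: selected lines of the APNIC whois reply quoted in the post.
WHOIS_TEXT = """\
% [whois.apnic.net node-1]
inetnum: 110.36.0.0 - 110.39.255.255
netname: WATEEN-TEL
admin-c: NA66-AP
route: 110.36.96.0/20
origin: AS38264
role: Network Admin
nic-hdl: NA66-AP
"""
LOGIN_IPS = ["110.36.101.251", "110.36.99.0"]  # from the post's login activity
HOSTNAME = "WimaxUser36101-251.wateen.net"     # name the friend reported

def parse_whois(text):
    """Collect 'key: value' lines into a dict of lists (keys may repeat)."""
    fields = {}
    for line in text.splitlines():
        if line.startswith("%") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        fields.setdefault(key.strip(), []).append(value.strip())
    return fields

def covering_prefixes(fields):
    """Turn inetnum ranges and route objects into ip_network values."""
    nets = [ipaddress.ip_network(r) for r in fields.get("route", [])]
    for rng in fields.get("inetnum", []):
        first, last = (ipaddress.ip_address(p.strip()) for p in rng.split("-"))
        nets.extend(ipaddress.summarize_address_range(first, last))
    return nets

def most_specific(ip, nets):
    """Longest prefix in the whois data that contains ip, or None."""
    hits = [n for n in nets if ipaddress.ip_address(ip) in n]
    return str(max(hits, key=lambda n: n.prefixlen)) if hits else None

def contact_is_role_object(fields):
    """True when admin-c points at a 'role' record (a mailbox for the block)."""
    return "role" in fields and bool(set(fields.get("admin-c", [])) & set(fields.get("nic-hdl", [])))

def hostname_encodes_ip(hostname, ip):
    """Assumption: digits in the first label are the IP's last three octets."""
    label_digits = re.sub(r"\D", "", hostname.split(".")[0])
    return label_digits == "".join(ip.split(".")[1:])

if __name__ == "__main__":
    f = parse_whois(WHOIS_TEXT)
    nets = covering_prefixes(f)
    for ip in LOGIN_IPS:
        print(ip, most_specific(ip, nets), hostname_encodes_ip(HOSTNAME, ip))
    print("contact is role object:", contact_is_role_object(f))
```

Both logged addresses resolve to the same routed /20 inside the provider's allocation, and the whois contact is a registry role record for that whole block, so the practical route for a report is the provider's abuse or network contact together with the login timestamps.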