How Airtel Security Flaw Led To Epic Hacking - Webmasters (3) - Nairaland

Re: How Airtel Security Flaw Led To Epic Hacking by Ekiseme(m): 1:27pm On Aug 02, 2013
9jadelta: I wished it was naira land angry
Re: How Airtel Security Flaw Led To Epic Hacking by Odunharry(m): 1:32pm On Aug 02, 2013
9jadelta: I wished it was naira land angry
hehehe...pipu go vex o
Re: How Airtel Security Flaw Led To Epic Hacking by Samoo01: 1:34pm On Aug 02, 2013
Slyr0x:

1. Click on Yahoo's Forgot My Password feature >> Yahoo asks for your phone number (one of the security options you opted for) >> You put in the phone number >> Yahoo sends you a verification code or they call you >> You type in the 6-character verification code and voila. .you are in.

2. For the Domain Name Registrar, that part is quite simple. The only email account connected to them is the hacked one. So basically, the forgot my password feature comes to play again. Request for a new password and a link gets sent to your mail.






Since when did Yahoo begin to accept Nigerian phone numbers in its password recovery page?
Re: How Airtel Security Flaw Led To Epic Hacking by naturalwaves: 1:52pm On Aug 02, 2013
Slyr0x:

1. Click on Yahoo's Forgot My Password feature >> Yahoo asks for your phone number (one of the security options you opted for) >> You put in the phone number >> Yahoo sends you a verification code or they call you >> You type in the 6-character verification code and voila. .you are in.

2. For the Domain Name Registrar, that part is quite simple. The only email account connected to them is the hacked one. So basically, the forgot my password feature comes to play again. Request for a new password and a link gets sent to your mail.


Like I said, I have been through the process before so I know what I am saying. You only stated the start process without finishing it. The question is......did you change your password? I guess NO. Well, I have changed my password through that feature like two times in the past so let me start from where you stopped. When you get that verification through your mobile device, you will go back to the net link and put it there. When you submit, it will take you to the final verification process in which the security question prompts up. If you cannot provide a correct answer to that question, there is no way and it will be better you just open a new email addy cos it will never be successful.


Moreover, by your argument, it means that once I know a person's phone number, I can quickly change his mail password anytime I have a little access to his phone like when the person is bathing , sleeping, charging etc. Does that make any sense to you? Though your DNR DNS explanation is well understood, the mail own remains an Abracadabra.
Re: How Airtel Security Flaw Led To Epic Hacking by Slyr0x: 1:56pm On Aug 02, 2013
Samoo01:
Since when did Yahoo begin to accept Nigerian phone numbers in its password recovery page?

Find attached the screenshot (I'm sure you can see the +234)

Re: How Airtel Security Flaw Led To Epic Hacking by 1oracle(m): 1:59pm On Aug 02, 2013
9jadelta: I wished it was naira land angry
That means by now we won't have hidden post and some useless moderators again grin grin grin grin
Guy but to be honest, you are too bad.
Re: How Airtel Security Flaw Led To Epic Hacking by Slyr0x: 2:03pm On Aug 02, 2013
naturalwaves:

Like I said, I have been through the process before so I know what I am saying. You only stated the start process without finishing it. The question is......did you change your password? I guess NO. Well, I have changed my password through that feature like two times in the past so let me start from where you stopped. When you get that verification through your mobile device, you will go back to the net link and put it there. When you submit, it will take you to the final verification process in which the security question prompts up. If you cannot provide a correct answer to that question, there is no way and it will be better you just open a new email addy cos it will never be successful.


Moreover, by your argument, it means that once I know a person's phone number, I can quickly change his mail password anytime I have a little access to his phone like when the person is bathing , sleeping, charging etc. Does that make any sense to you? Though your DNR DNS explanation is well understood, the mail own remains an Abracadabra.

Calm down oga and Learn. .

Yahoo has 3 options :

1.) Send a verification link to an alternate email address
2.) Send a verification code to your phone number
3.) Answer your secret questions.

Using your mobile phone number for password recovery

Mobile password recovery is a fast and safe way to get a new password for your account.
Recovering your password using your mobile number

Go to the Yahoo! Password Helper and select I have a problem with my password.
Enter your Yahoo! ID and the CAPTCHA word verification code.
Enter your mobile number | click Next.
Follow the instructions, and a text message [SMS] will be sent to the mobile number you've provided.
-In some cases, the text message may take up to 30 minutes to be received.
Once you receive the text message, follow the sign-in steps and change your password.


http://help.yahoo.com/kb/index?locale=en_US&page=content&id=SLN2694

2 Likes

Re: How Airtel Security Flaw Led To Epic Hacking by 1oracle(m): 2:17pm On Aug 02, 2013
Let us not celebrate yet, the site is down(hacked again). The hackers placed a #50,000.00 price tag on the domain name.
Re: How Airtel Security Flaw Led To Epic Hacking by naturalwaves: 2:19pm On Aug 02, 2013
Slyr0x:

Calm down oga and Learn. .

Yahoo has 3 options :

1.) Send a verification link to an alternate email address
2.) Send a verification code to your phone number
3.) Answer your secret questions.



http://help.yahoo.com/kb/index?locale=en_US&page=content&id=SLN2694

When I had the problem too, I thought it will be that easy. The last process says you should follow the sign in process after getting the verification on your mobile device. When the code was sent to me then, it came with a link to continue, after I did that, it still asked for the security question which was surprising to me cos I didn't know it will ask that again after choosing the mobile option. I had to eventually think and think well before I could get my answer and I was good to go. Same thing applies to gmail except if yahoo just changed the process which I doubt. Why not do the practicals and stop quoting links.
Re: How Airtel Security Flaw Led To Epic Hacking by Slyr0x: 2:30pm On Aug 02, 2013
naturalwaves:
When I had the problem too, I thought it will be that easy. The last process says you should follow the sign in process after getting the verification on your mobile device. When the code was sent to me then, it came with a link to continue, after I did that, it still asked for the security question which was surprising to me cos I didn't know it will ask that again after choosing the mobile option. I had to eventually think and think well before I could get my answer and I was good to go. Same thing applies to gmail except if yahoo just changed the process which I doubt. Why not do the practicals and stop quoting links.

I told you something from my own personal experience, you didn't believe.
I went ahead to give you a direct link posted on yahoo's website to further buttress my point http://help.yahoo.com/kb/index?locale=en_US&page=content&id=SLN2694 but you said it's just theory.

I give up.
Re: How Airtel Security Flaw Led To Epic Hacking by Adolak(m): 2:38pm On Aug 02, 2013
Hacked again!!! Wetin this guy do them sef.
Re: How Airtel Security Flaw Led To Epic Hacking by lifestyle1(m): 2:47pm On Aug 02, 2013
I think this is sql injection attack..


the site is still down.

Re: How Airtel Security Flaw Led To Epic Hacking by lifestyle1(m): 2:58pm On Aug 02, 2013
9jadelta: I wished it was naira land angry

you deserve 20 years ban for this comment...
Re: How Airtel Security Flaw Led To Epic Hacking by kunlesehan(m): 2:58pm On Aug 02, 2013
@slyrox; just between u & I. I smell a rat... or it could just be some sales gimmick though...lol
Re: How Airtel Security Flaw Led To Epic Hacking by Osyxcel(m): 3:16pm On Aug 02, 2013
How did the hackers get the PUK of his Airtel sim?

I think you nid that to perform a sim swap.
Re: How Airtel Security Flaw Led To Epic Hacking by femi4: 3:37pm On Aug 02, 2013
naturalwaves:
When I had the problem too, I thought it will be that easy. The last process says you should follow the sign in process after getting the verification on your mobile device. When the code was sent to me then, it came with a link to continue, after I did that, it still asked for the security question which was surprising to me cos I didn't know it will ask that again after choosing the mobile option. I had to eventually think and think well before I could get my answer and I was good to go. Same thing applies to gmail except if yahoo just changed the process which I doubt. Why not do the practicals and stop quoting links.

Seems it's been long since you used that process; if you have alternative mail activated or use a phone number, you'll bypass the question tag

Like the one I did to punish some1,
I gain access to the mail by answering the security question ( I know him so well to guess right), quickly change his security question.
I removed his phone number from the recovery option (he didn't use alt mail)
And finally, I change the password
Re: How Airtel Security Flaw Led To Epic Hacking by omanifrank(m): 3:42pm On Aug 02, 2013
life_style: I think this is sql injection attack..


the site is still down.

it has really gone down again
Re: How Airtel Security Flaw Led To Epic Hacking by profstar(m): 4:25pm On Aug 02, 2013
The site has been released now na, what happened
Re: How Airtel Security Flaw Led To Epic Hacking by naturalwaves: 4:33pm On Aug 02, 2013
Slyr0x:

I told you something from my own personal experience, you didn't believe.
I went ahead to give you a direct link posted on yahoo's website to further buttress my point http://help.yahoo.com/kb/index?locale=en_US&page=content&id=SLN2694 but you said it's just theory.

I give up.

Your supposed personal experience was unfinished as U didn't say you eventually changed your password, that was why I didn't get it but I ain't lying either based on my own experience on two different occasions. Maybe Yahoo has changed the process. I would have loved to confirm with my mail and number again but I don't want to experiment now. lolz.

On a more serious note, doesn't it look stewpid that all you need to get access to someone's mail is the USERNAME and some minutes with the person's phone?
Re: How Airtel Security Flaw Led To Epic Hacking by naturalwaves: 4:44pm On Aug 02, 2013
femi4: Seems it's been long since you used that process; if you have alternative mail activated or use a phone number, you'll bypass the question tag

I actually forgot the password to the alternate email addy which I opened in a hurry then so, there was no way through that. The only option I had aside the security question was the phone number option, I went through it and it started bringing me back to the security question again. Well, maybe things have changed now.

femi4: Like the one I did to punish some1,
I gain access to the mail by answering the security question ( I know him so well to guess right), quickly change his security question.
I removed his phone number from the recovery option (he didn't use alt mail)
And finally, I change the password

The above narration only validates my initial stand cos you used the security question to penetrate his mail account. If you had strictly used the phone number option, I would have been greatly convinced.
Re: How Airtel Security Flaw Led To Epic Hacking by mesmer: 4:44pm On Aug 02, 2013
naturalwaves:
This story looks like an Abracadabra and it is difficult to believe. Even if it is that easy getting a sim swapped on Airtel, when the supposed cracker wanted to contact Yahoo, did he just get a Password just like that from Yahoo? Impossible! Getting your password changed on Yahoo isn't that easy. Okay? And the Domain Name Registrar too gave out another Password on sighting just a note for a change of password? I haven't read something as hilarious and ridiculous as this claim in a long while even if you go to court with this crap, you will outrightly lose the case on the first day.
First of all, confirm the sim swap procedure and how the hacker did it from Airtel and then contact Yahoo and get to know how the verification for password changed such that yours was given out so cheaply on just a request then contact your DNR too to get the full details of how your password was changed in a little time before you come up with claims. I understand the fact that, your website was hacked but trying to make Airtel the scapegoat for the process without sufficient evidence is really hilarious. Take heart!

You think logically and GOD bless your wisdom. U said it all bro.

1 Like

Re: How Airtel Security Flaw Led To Epic Hacking by Leyqute(m): 4:52pm On Aug 02, 2013
D site has been released. This story is plausible buh it sounds kinda like a bottle f zobo.....fabu o!!!
Re: How Airtel Security Flaw Led To Epic Hacking by 1oracle(m): 5:50pm On Aug 02, 2013
Adolak: Hacked again!!! Wetin this guy do them sef.
Some people are naturally wicked.
Re: How Airtel Security Flaw Led To Epic Hacking by lifestyle1(m): 6:00pm On Aug 02, 2013
The site is back online!
Re: How Airtel Security Flaw Led To Epic Hacking by midow4life: 6:04pm On Aug 02, 2013
Social Engineering is not just a Nigeria issue but a worldwide problem; it usually makes use of the major human vulnerability, TRUST! People just need the right enlightenment, and a vulnerability like that of the Airtel sim swap needs to be patched. The requirements for sim swap are just too easy, and even Yahoo needs to add a security question when such vital information like passwords is required, and not just the mobile verification.
Re: How Airtel Security Flaw Led To Epic Hacking by YvonneDiamond(f): 6:32pm On Aug 02, 2013
shocked lipsrsealed........Na WA oooo!
Re: How Airtel Security Flaw Led To Epic Hacking by Adolak(m): 6:58pm On Aug 02, 2013
When all what the guy(naijaloaded) keeps doing is posting phone number and bank account number for some stupid ebooks and seminars. Now his website is terribly hacked and defaced. I'm pretty sure he's not in control yet.
Re: How Airtel Security Flaw Led To Epic Hacking by Raymonbell(m): 9:10pm On Aug 02, 2013
The site is back jare
Re: How Airtel Security Flaw Led To Epic Hacking by johnaruson(m): 9:16pm On Aug 02, 2013
I picked form to port to Airtel today from Mtn., with this dangerous flaw I have to wait.
Re: How Airtel Security Flaw Led To Epic Hacking by dripstoil: 10:36pm On Aug 02, 2013
naturalwaves:
When I had the problem too, I thought it will be that easy. The last process says you should follow the sign in process after getting the verification on your mobile device. When the code was sent to me then, it came with a link to continue, after I did that, it still asked for the security question which was surprising to me cos I didn't know it will ask that again after choosing the mobile option. I had to eventually think and think well before I could get my answer and I was good to go. Same thing applies to gmail except if yahoo just changed the process which I doubt. Why not do the practicals and stop quoting links.

Just calm yourself down, that's the best way to learn, you can't be doing wrong thing and still claim to be doing it right. To reset password using phone is as simple as ABC - Just the code and nothing else! No further question after that. Once you receive the sms and enter it correctly, the deal is done. If you give me your phone for just five minutes I can hack your email and anything associated with, or will you try?
Re: How Airtel Security Flaw Led To Epic Hacking by akereconfi: 10:39pm On Aug 02, 2013
Slyr0x: In the space of one hour, the entire webmaster board was overloaded with several threads titled " got hacked". On checking one of the threads, I hurriedly fired up my browser, checked the Naijaloaded site and poof, I had a defaced webpage before me.

Next thing I did was to send Naijaloaded's owner a mail informing him of the hack which he then replied to this morning saying "They Swapped my SIM, Used the Forgot Password Features and Yahoo Sent the Guy my Code, he then Changed my Yahoo Password and Requested for a Password Changing Note from my Domain Registrar, Then he finally Changed my DNS".

At first, I didn't understand the swapping part. So I fired up my browser again and started crawling through webpages with the dork "Airtel Nigeria instant swap". After much crawling, I learnt that to swap your airtel sim (i.e. to hijack another person's airtel sim), all you need is

1. An airtel swap sim which goes for just N300 and offered for sale here
2. Four (4) most dial'd no
3. The serial number on the new airtel swap sim


. .and in 20mins max, d new Sim will be ready.

That easy yeah?!

After the "hacker" swapped Naijaloaded's owner SIM, he went on to use Yahoo's Forgot Password Features which yahoo then sent the hacker a code (to the swapped sim), he then Changed his Yahoo Password after which the hacker requested for a Password Changing Note from Domain Registrar and ended up changing 's DNS.

A brilliant social engineering attack it was!

This clearly exposes vital security flaws in several customer service systems.

All a malicious person need know to hijack your SIM is your 4 most dial'd nos (your dad, mom, girlfriend, line manager, direct subordinate, etc).

You know what this means? You can directly intercept that scheduled business call by hijacking that Big Oga's sim.

The guy that perpetrated this act not only digitally hacked the owner but they socially hacked him too as he could receive calls on his behalf.

It's quite upsetting that the ecosystem that we’ve placed so much of our trust in(In this case Airtel) has let some of us down so thoroughly.

Even the online Internet banking can be easily compromised. .call the customer care line, tell them you forgot your internet banking password, they will then ask 2/3 questions (1.) Your Date of Birth (2.)Your Account number (3.) Your Phone number and poof. .you have them reeling out all the infos you need (another story for another day)


Social Engineering, albeit a new one in the Nigerian space, is here to stay. .Folks Are You Ready?
If this trick gets into the wrong set of people................hmmm
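
The chain argued over in this thread (SIM, then SMS code, then Yahoo mailbox, then registrar reset link, then DNS) can be audited as a recovery-dependency graph. The Python below is an added example, not part of any post in the thread; the asset names and both configurations are constructed for illustration, and the hardened variant models midow4life's suggestion that the SMS code should also require the security question.

```python
from itertools import product

def minimal_sets(sets):
    """Keep only sets that are not strict supersets of another set."""
    uniq = set(sets)
    return {s for s in uniq if not any(o < s for o in uniq)}

def takeover_sets(asset, recovery, _path=()):
    """Minimal sets of root factors that suffice to control `asset`.

    `recovery` maps asset -> list of options (OR); each option is a tuple of
    requirements that must ALL be held (AND). Anything not listed in
    `recovery` is a root factor the owner has to protect directly.
    """
    if asset not in recovery:
        return {frozenset([asset])}
    if asset in _path:                 # recovery loop: cannot bootstrap itself
        return set()
    results = set()
    for option in recovery[asset]:
        per_req = [takeover_sets(r, recovery, _path + (asset,)) for r in option]
        if any(not p for p in per_req):
            continue                   # one requirement is unreachable
        for combo in product(*per_req):
            results.add(frozenset().union(*combo))
    return minimal_sets(results)

def single_points(asset, recovery):
    """Root factors that, held alone, give control of `asset`."""
    return sorted(next(iter(s)) for s in takeover_sets(asset, recovery)
                  if len(s) == 1)

# Constructed model of the setup described in the thread: SMS code alone
# resets the mailbox, and the registrar mails its reset link to that mailbox.
AS_DESCRIBED = {
    "dns_records":       [("registrar_account",)],
    "registrar_account": [("registrar_password",), ("yahoo_mailbox",)],
    "yahoo_mailbox":     [("yahoo_password",), ("sms_code",), ("secret_answer",)],
    "sms_code":          [("sim_control",)],
}

# Constructed hardened variant: the SMS code is only accepted together with
# the secret answer, so the phone number is no longer a standalone key.
HARDENED = dict(AS_DESCRIBED)
HARDENED["yahoo_mailbox"] = [("yahoo_password",), ("sms_code", "secret_answer")]

if __name__ == "__main__":
    for name, cfg in (("as described", AS_DESCRIBED), ("hardened", HARDENED)):
        print(name, "->", single_points("dns_records", cfg))
```

Running the audit against your own accounts means listing every "forgot password" path as an option; any root factor held by a third party (here the carrier-issued SIM) that shows up as a single point is a dependency to remove or pair with a second factor.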
