Social engineering cracked Palin's e-mail account

Criminal hackers exploited known weaknesses in the password recovery feature to gain access.

Details describing how someone hacked into Sarah Palin's Yahoo Mail account emerged on Thursday, and it appears to have been done with little more than social engineering, the process of acquiring personal information through social manipulation.

Meanwhile, the Knoxville News Sentinel is reporting that a 20-year-old University of Tennessee student has been contacted in connection to the federal investigation of the break-in. Further details are not known.

Since Tuesday, anonymous posters using a forum on the Web site have been circulating password-protected zip files containing the contents of the now-deleted e-mail account once belonging to the Republican vice presidential candidate. Various posts to the /b/ board have also provided insight into how the hack was carried out.

Like most Web account services, Yahoo Mail provides an option to reset or recover one's user name and password. What is unclear is how the account recovery was rerouted from the alternative e-mail address chosen by Palin to a secondary e-mail address.

When Yahoo Mail prompted for Palin's birthday, one poster said it took only 15 seconds on Wikipedia to answer that question. When it prompted for a ZIP code, Wasilla, Alaska, has only two ZIP codes. Palin's personal security question, "Where did you meet your spouse?", did slow the process down: the poster claimed it took several tries but eventually hit upon the correct answer, Wasilla High.

Web mail accounts are not alone in using online security questions. In May, Acxiom, a Little Rock, Ark.-based data warehouse company, announced it was introducing a new biographical authentication service that asks online banking and e-commerce site users random questions based on their personal lives, such as "How many fireplaces are in your current residence?" The answer can be obtained from any real estate Web site.
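The two weaknesses the story turns on are a knowledge-based step whose answers live in public records and a recovery path that can be pointed at an address the requester chooses. As an added illustration (example code written for this page, not Yahoo's or Acxiom's implementation, with the class, account names and contact addresses all constructed), here is a minimal recovery service that counters both: it delivers a single-use, time-limited token only to the contact address verified at registration, compares security-question answers in constant time, and locks the recovery path after a fixed number of misses so that a two-ZIP-code answer space cannot simply be walked through.

```python
import hashlib
import hmac
import secrets
import time

# Added example, not code from the article. Constants are illustrative choices.
MAX_ANSWER_ATTEMPTS = 3       # lock the recovery path after this many misses
TOKEN_TTL_SECONDS = 15 * 60   # recovery links expire after 15 minutes


def _hash_answer(answer: str) -> str:
    """Normalise (trim, lowercase) and hash a security-question answer."""
    return hashlib.sha256(answer.strip().lower().encode("utf-8")).hexdigest()


def _hash_token(token: str) -> str:
    """Hash a reset token so a leaked token store cannot be replayed."""
    return hashlib.sha256(token.encode("utf-8")).hexdigest()


class RecoveryService:
    def __init__(self, clock=time.time):
        self.clock = clock        # injectable so expiry can be tested offline
        self.accounts = {}        # username -> {"contact", "answer_hash"}
        self.tokens = {}          # sha256(token) -> (username, expiry_time)
        self.failures = {}        # username -> failed answer attempts
        self.locked = set()       # usernames whose recovery path is locked

    def register(self, username: str, verified_contact: str, answer: str) -> None:
        """Store the contact verified at sign-up; only it ever receives a token."""
        self.accounts[username] = {"contact": verified_contact,
                                   "answer_hash": _hash_answer(answer)}
        self.failures[username] = 0

    def check_answer(self, username: str, answer: str) -> bool:
        """Knowledge-based step with a constant-time compare and a strict budget."""
        acct = self.accounts.get(username)
        if acct is None or username in self.locked:
            return False
        if hmac.compare_digest(acct["answer_hash"], _hash_answer(answer)):
            self.failures[username] = 0
            return True
        self.failures[username] += 1
        if self.failures[username] >= MAX_ANSWER_ATTEMPTS:
            self.locked.add(username)   # even a later correct guess is refused
        return False

    def request_reset(self, username: str):
        """Issue a token. Returns (contact, token); the caller sends the token to
        `contact`, which comes from the account record, never from the request."""
        acct = self.accounts.get(username)
        if acct is None or username in self.locked:
            return None             # same answer for unknown and locked accounts
        token = secrets.token_urlsafe(32)
        self.tokens[_hash_token(token)] = (username, self.clock() + TOKEN_TTL_SECONDS)
        return acct["contact"], token

    def redeem(self, token: str):
        """Consume a token exactly once; returns the username, or None if invalid or expired."""
        entry = self.tokens.pop(_hash_token(token), None)
        if entry is None:
            return None
        username, expiry = entry
        return username if self.clock() <= expiry else None


if __name__ == "__main__":
    svc = RecoveryService()
    svc.register("alice", "alice-backup@example.invalid", "Wasilla High")  # constructed
    print("three misses lock the account:",
          [svc.check_answer("alice", g) for g in ("guess1", "guess2", "guess3")])
    print("reset after lockout:", svc.request_reset("alice"))
```

The design choice worth noting is that `request_reset` never accepts a destination address: the only thing a requester can influence is whether a token is sent to the contact already on file. Lockout is per account rather than per IP so that spreading guesses across sources does not widen the budget.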

4Chan's "random" /b/ board is no stranger to controversy. In January, members waged an online media war against the Church of Scientology. Prior to that, the site popularized Lolcats, pictures of kittens with cute captions, and rickrolling, linking to videos of Rick Astley's 1987 song "Never Gonna Give You Up".
