MJCS asked:

How was the client's e-mail password compromised?

One of my clients had a bit of a nightmare recently. He lost access to his Facebook account, regained access and then promptly lost it again. The perp posted on his wall, added his own e-mail account and then removed the client's. He posted his e-mail password on his Facebook wall.

I'm trying to ascertain what a plausible explanation is for how the client's e-mail password was compromised.

Antivirus was out of date by 5 months
Java was about 4-6 revisions behind what's current
Flash was probably 3-4 revisions behind
3 ad hoc networks had been connected to in the past
E-Mail was in Outlook
Has a blackberry

I scanned the computer using Malwarebytes. Then I removed the HDD and scanned with Kaspersky, then Avast, then Avira. Malwarebytes found some infection fragments. The other three found bits and pieces of Java-related exploits and trojans. However, no specific keyloggers were found.

I have been trying to ascertain whether the e-mail password was compromised through the ad hoc networks, through the BlackBerry, through infection, or through physical access to the computer?

Dave Baldwin:

You forgot guessing and looking over his shoulder. Since the perp is taking personal and not necessarily financial actions, it's probably someone who knows him. 'Professional' thieves would more likely prefer that he didn't know he was compromised.
If the password was simple then it could have been guessed. This also points to someone he knows.
This is why it's important to never use birthdays, pet names, kids' names, street names, favourite characters and movies etc.
Also, does he write the passwords down and "hide" them at his desk? Many people put a Post-it note under their keyboard with their passwords and think it's secure.
"...or through physical access to the computer?" = or they got their hands on his BlackBerry for a couple of minutes.

People get way too casual about protecting access to their handhelds, and yet they will store information in them that is every bit as critical as what they have on their PCs.

MJCS:

How easy is it to pull password info out of a BlackBerry? I know it is really easy to pull it out of a laptop. There are numerous utilities that could be downloaded and run directly or off of a USB stick.
Very easy.
Just Google "lost blackberry password" and see all the ways you can do it.
MJCS:

Do you have any specific links? When I ran that search, the general consensus seemed to be that you can reset your BlackBerry password but not retrieve it...

btan:

Probably the simple password would be one, but it can be easily siphoned as well. Check out this link; mostly the phishing attack would social-engineer the user in the form of an email with a link to their phished (spoofed) Facebook login. The user, being unaware, will enter the credentials, and all those are stored on the attacker's hosted fake website.

There would be a case for "forgot password" where the user's email account (also the Facebook user ID) would be hacked if it is using a simple password etc. The "forgot password" in Facebook will send it to the user's primary email account (in this case probably the user's Facebook user ID), and the attacker gets that new Facebook password. Also note that sometimes the "reminder" question in the event of forgetting a password can be easily guessed as well, e.g. who is the spouse etc., as typically the answer can be found if the user has social information widely available on the web.

Nonetheless, I understand that Facebook has a security feature in which after 25 or so logins the account is temporarily disabled; to enable the account, the account owner must reset his/her account. That may be an indirect trigger.

For the ad hoc network, you should check out Firesheep, which siphons credentials by hijacking cookies across an unprotected WiFi network in a hotspot etc. It simply can log in to any Facebook account without a password. The only effective fix for this problem is full end-to-end encryption, known on the web as HTTPS or SSL. See this link @
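The cookie-hijacking risk described above, shown from the defender's side as an added example (not code from btan or from Firesheep): a small audit that reads constructed HTTP request records of the kind a passive observer on an open hotspot would see, flags session cookies that travel over plain HTTP, and checks a Set-Cookie header for the Secure flag that stops a browser from ever sending the cookie without TLS. The log format, the host names and the session cookie names are assumptions made for the example.

```python
"""Audit constructed HTTP request records for session cookies sent without TLS
(the exposure that cookie hijacking on an open WiFi hotspot relies on) and
check Set-Cookie headers for the Secure / HttpOnly attributes.
Example code added for this thread; not from the original answer."""
import re
from urllib.parse import urlparse

# Cookie names treated as session identifiers. Assumed for the example; a real
# audit would use the application's actual session cookie name.
SESSION_COOKIE_NAMES = {"sessionid", "auth_token", "phpsessid"}

# Constructed sample of requests seen on an open hotspot, one per line:
# "<METHOD> <URL> Cookie: <cookie header>". Hosts and values are made up.
SAMPLE_LOG = """\
GET http://social.example/home Cookie: sessionid=7f3a9c; theme=dark
GET https://social.example/messages Cookie: sessionid=7f3a9c; theme=dark
GET http://news.example/ Cookie: theme=dark
POST http://social.example/api/post Cookie: auth_token=ZmFrZQ==
"""

LINE_RE = re.compile(r"^(?P<method>[A-Z]+) (?P<url>\S+)(?: Cookie: (?P<cookie>.*))?$")


def parse_cookie_header(value):
    """Split 'a=1; b=2' into {'a': '1', 'b': '2'}."""
    cookies = {}
    for part in value.split(";"):
        if "=" in part:
            name, val = part.strip().split("=", 1)
            cookies[name.strip()] = val.strip()
    return cookies


def parse_log(text):
    """Turn the sample log into (scheme, host, cookies) tuples."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        url = urlparse(m.group("url"))
        records.append((url.scheme, url.hostname, parse_cookie_header(m.group("cookie") or "")))
    return records


def find_exposed_sessions(records):
    """Return (host, cookie_name) pairs for session cookies sent over plain HTTP.
    Anyone on the same open network can read and replay these."""
    exposed = []
    for scheme, host, cookies in records:
        if scheme != "http":
            continue
        for name in cookies:
            if name.lower() in SESSION_COOKIE_NAMES:
                exposed.append((host, name))
    return exposed


def audit_set_cookie(header):
    """Report missing hardening attributes on a Set-Cookie header value."""
    attrs = {a.strip().split("=", 1)[0].lower() for a in header.split(";")[1:]}
    problems = []
    if "secure" not in attrs:
        problems.append("missing Secure (cookie may be sent over plain HTTP)")
    if "httponly" not in attrs:
        problems.append("missing HttpOnly (cookie readable by page scripts)")
    return problems


if __name__ == "__main__":
    for host, name in find_exposed_sessions(parse_log(SAMPLE_LOG)):
        print(f"session cookie {name!r} for {host} sent over plain HTTP")
    weak = "sessionid=7f3a9c; Path=/; HttpOnly"
    fixed = "sessionid=7f3a9c; Path=/; Secure; HttpOnly"
    print("weak:", audit_set_cookie(weak))
    print("fixed:", audit_set_cookie(fixed))
```

The second request in the sample carries the same session cookie as the first but over HTTPS, which is exactly why the mixed case is dangerous: a site that serves some pages over plain HTTP leaks the cookie on those pages even if the login itself was encrypted. The Secure attribute on the cookie closes that gap regardless of which scheme a page happens to load under.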

The easiest way to hijack a password is through simple phishing.

The client gets an email from someone that says "you have a new message on XYZ website" (Facebook, Craigslist, whatever).

They click on the "look-alike" site, and attempt to log in to their account. Their username and password are captured, and the account is instantly compromised. The hacker who set up the look-alike site gets an alert that he's caught a fly, goes in and changes the real password on the real account.

Start your investigation there.

Your client should go in and immediately change all remaining passwords to every other account they own, and I mean EVERYTHING: bank passwords, eBay, Amazon, whatever. Change them now, as the hacker may be in the process of analyzing and digesting whatever they have already compromised.

MJCS:
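The "look-alike site" in the answer above is the thing a defender can check for mechanically. As an added example (not from the answer's author), this classifies the host in a link against a protected domain and flags the two tricks such sites lean on: embedding the brand name inside an unrelated domain, and near-miss spellings with digits standing in for letters. facebook.com is the assumed protected domain and every URL is constructed.

```python
"""Classify the host in a link against a protected domain to spot phishing
look-alikes. Example code added for this thread; not from the original answer."""
from urllib.parse import urlparse

PROTECTED_DOMAIN = "facebook.com"  # assumed; the domain this thread is about

# Digits commonly swapped in for letters, folded away before comparing.
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "7": "t"})


def levenshtein(a, b):
    """Edit distance between two strings (classic dynamic-programming version)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify_link(url, protected=PROTECTED_DOMAIN, max_distance=2):
    """Return 'legitimate', 'brand-embedded', 'lookalike' or 'unrelated'."""
    host = (urlparse(url).hostname or "").lower().rstrip(".")
    # Only an exact match or a true subdomain of the protected domain is genuine.
    if host == protected or host.endswith("." + protected):
        return "legitimate"
    brand = protected.split(".")[0]
    labels = host.split(".")
    # Brand name used as a label or inside one, e.g. facebook.com.secure-login.example
    # or facebook-login.example: the real domain is whatever comes last.
    if any(brand in label for label in labels):
        return "brand-embedded"
    # Compare the label before the TLD, after folding digits, for typo-squats.
    candidate = labels[-2] if len(labels) >= 2 else host
    if levenshtein(candidate.translate(HOMOGLYPHS), brand) <= max_distance:
        return "lookalike"
    return "unrelated"


if __name__ == "__main__":
    for link in (
        "https://www.facebook.com/login",
        "http://facebook.com.secure-login.example/",
        "http://faceb00k.example/",
        "http://facebok.com/",
        "http://news.example/",
    ):
        print(f"{classify_link(link):15} {link}")
```

The legitimacy test deliberately uses only the host's suffix: the text before ".facebook.com" can be anything, but anything after it means a different registrant. The `labels[-2]` shortcut does not understand multi-part suffixes such as `co.uk`, so a production check should use a public-suffix list to find the registrable label instead.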
Nobody gave me a plausible answer but I was able eventually to duplicate the process myself, therefore answering my own question.