Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

yahoo email login from unregonised device

Posted on 2016-09-27
15
Medium Priority
?
155 Views
Last Modified: 2016-10-03
hi,

I keep receiving email on saying my yahoo email has been login using unrecognised device, anyway to check the hostname of that device?
0
Comment
Question by:marrowyung
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 7
  • 4
  • 3
  • +1
15 Comments
 
LVL 29

Expert Comment

by:Dr. Klahn
ID: 41817422
Yahoo email, so far as I know, does not check or care what kind of device is logging in.  If there is a link in those emails, check it and I suspect you'll find that you're being phished.
0
 
LVL 1

Author Comment

by:marrowyung
ID: 41817597
" If there is a link in those emails,"

what links ?
0
 
LVL 65

Expert Comment

by:btan
ID: 41818105
From yahoo - "You'll also get a security notification for any unusual account activity - for instance; if you or someone else tries to sign in to the account from a new location, computer, mobile device, or ISP." https://help.yahoo.com/kb/SLN7125.html

You cannot check the hostname device that is attempting to login - other webmail may have but not yahoo that I know of have reveal this - at most identify the country, access type (browser etc) and IP. You can try to See your account's "Recent activity" https://help.yahoo.com/kb/account/recent-activity-page-sln2073.html
0
Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

 
LVL 49

Expert Comment

by:dbrunton
ID: 41818771
>>  I keep receiving email on saying my yahoo email has been login using unrecognised device, anyway to check the hostname of that device?

Change your password and any other security questions you may have for that Yahoo account.

Possibly the account was one of those that was hacked back in 2014 and is now being exploited by some hacker.  https://www.theguardian.com/technology/2016/sep/23/yahoo-questinos-hack-researchers  Yahoo has only just revealed these details.
1
 
LVL 1

Author Comment

by:marrowyung
ID: 41819246
btan,

" "You'll also get a security notification for any unusual account activity - for instance; if you or someone else tries to sign in to the account from a new location, computer, mobile device, or ISP." https://help.yahoo.com/kb/SLN7125.html"

I don't receive any, an email just said sign in from an unknown device, any idea on how can I know what IP address it is ?

dbrunton,

"Change your password and any other security questions you may have for that Yahoo account."

I knew, already get it done.

dbrunton,

"Possibly the account was one of those that was hacked back in 2014 and is now being exploited by some hacker.  https://www.theguardian.com/technology/2016/sep/23/yahoo-questinos-hack-researchers  Yahoo has only just revealed these details."

can't see the device name anyway ?
0
 
LVL 49

Expert Comment

by:dbrunton
ID: 41819304
If the mail is still at Yahoo (check your Trash) follow the instructions here https://help.yahoo.com/kb/SLN22026.html to see the emails header.   You can then determine where it is really from.

Here's a sample from Experts Exchange to me.  Look at the Received-SPF, X-Originating and the Received and the From field to help identify where it comes from.

Received-SPF: pass (domain of experts-exchange.com designates 54.173.171.194 as permitted sender)

X-Originating-IP: [54.173.171.194]
Authentication-Results: mta1018.tnz.mail.aue.yahoo.com  from=experts-exchange.com; domainkeys=neutral (no sig);  from=experts-exchange.com; dkim=neutral (no sig)
Received: from 127.0.0.1  (EHLO cron.prod.aws.redsrci.com) (54.173.171.194)
  by mta1018.tnz.mail.aue.yahoo.com with SMTPS; Wed, 28 Sep 2016 06:33:10 +0000
Received: from cron.prod.aws.redsrci.com (localhost [127.0.0.1])
	by cron.prod.aws.redsrci.com (8.14.4/8.14.4) with ESMTP id u8S6X6VQ018169
	for <abcdefghiji@xyza.cd.mm>; Tue, 27 Sep 2016 23:33:06 -0700
Date: Tue, 27 Sep 2016 23:33:06 -0700 (PDT)
From: Experts Exchange <noreply@experts-exchange.com>

Open in new window

0
 
LVL 49

Assisted Solution

by:dbrunton
dbrunton earned 1000 total points
ID: 41819315
You can do this with your message.  Check the Received field and see if it comes from Yahoo.  If it doesn't then it is spam or phishing.
0
 
LVL 65

Accepted Solution

by:
btan earned 1000 total points
ID: 41819520
From the "Recent Activity" you should be able to see the IP. See

http://aruljohn.com/info/yahoo-mail-login-activity/

You can click on location to switch to IP addresses instead of country which you should to to make sure that only IP addresses associated with your Internet connection have been used to log in.

Also you can checked on below on your email account to see if there is indicator of your account being leaked.

https://haveibeenpwned.com
0
 
LVL 1

Author Comment

by:marrowyung
ID: 41821167
"From the "Recent Activity" you should be able to see the IP. See

http://aruljohn.com/info/yahoo-mail-login-activity/"

yes i saw that, but by using that Ip address, I can't find exactly where is this guy and what is the hostname, hostname very important.

what if it is one of our PC
?

"Also you can checked on below on your email account to see if there is indicator of your account being leaked.

https://haveibeenpwned.com"


how can it make sure that?
0
 
LVL 49

Expert Comment

by:dbrunton
ID: 41821256
Read about Have I Been Pwned here  https://en.wikipedia.org/wiki/Have_I_Been_Pwned%3F
0
 
LVL 1

Author Comment

by:marrowyung
ID: 41821263
the only thing left is Yahoo can't show me the hostname of the Device which tried to login to my yahoo account, and accurate location. right?
0
 
LVL 65

Expert Comment

by:btan
ID: 41821270
There is best effort with ip address which cannot attribute to specific details. It may also be the IP is not the actual machine.. Even the service to check is by security researcher own effort to share dump of leaked email accounts. It is just best efforts.
0
 
LVL 1

Author Comment

by:marrowyung
ID: 41825950
"There is best effort with ip address which cannot attribute to specific details. It may also be the IP is not the actual machine.."

but having that extra information is the best ! I can guess who use this PC as that kind of people might use sth close to thier name.

IP, who know who use that IP.
0
 
LVL 1

Author Comment

by:marrowyung
ID: 41825951
not much can be found out sir'
0
 
LVL 1

Author Closing Comment

by:marrowyung
ID: 41825952
tks all.
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

IF you are either unfamiliar with rootkits, or want to know more about them, read on ....
How does someone stay on the right and legal side of the hacking world?
Sometimes it takes a new vantage point, apart from our everyday security practices, to truly see our Active Directory (AD) vulnerabilities. We get used to implementing the same techniques and checking the same areas for a breach. This pattern can re…
We’ve all felt that sense of false security before—locking down external access to a database or component and feeling like we’ve done all we need to do to secure company data. But that feeling is fleeting. Attacks these days can happen in many w…

636 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question