Flickr hacker problem

joolsveer

I have been having some access issues with my Flickr account and after following it up with Flickr I received this messge below. Has anyone else come across this problem before?

Hello www:

Thanks for writing in . . .

Yahoo! ID "xxxx" has been deactivated by Flickr staff because it had apparently been taken over by a hacker, most likely through a "phishing" scam.

Below is information that may be useful to understand what phishing is, how it works and how you can protect yourself:

http://en.wikipedia.org/wiki/Phishing

http://www.fraud.org/tips/internet/phishing.htm

http://www.ftc.gov/bcp/conline/pubs/alerts/phishingalrt.htm

We've temporarily disabled access to your Yahoo! ID and Flickr account to prevent further tampering with the Flickr account.

Please see our Security Warning regarding here:

http://blog.flickr.com/2007/03/page/2/

If you downloaded malicious software, we have also created an FAQ regarding information on the next steps you should take to regain control of your computer:

http://www.flickr.com/help/website/#236

Please let us know when you feel your machine is secure and we'll be glad to restore access to your account.

Kind Regards,
yyy

Zillah

Not an issue for the photography forum really but anyway:

Can you access your Yahoo account?
What email account was this sent to?
What address was this sent from?
Do you have decent anti virus software?
Did you stupidly give your log on details to anyone, including someone you thought was from Flickr or anywhere else?

rymus

That's odd.. among all the complete crap email I get every day I dont think I've ever seen a flickr phishing scam. I wouldnt have thought it'd be in anyones interest to hack a flickr account, I mean it's not like there's going to be gain, either financial or material, like there would be with ebay or paypal phishing..

Odd..

joolsveer

I keep my security software up to date and run XP, Vista or Ubuntu with all recommended updates. I don't share usernames or passwords with anyone else. I also don't know why anyone would want to hack a Flickr page.

The upshot is that I have been unable to access my Yahoo account or my Flickr account for some weeks now. When it happened first there was a message in cyrillic script on my Flick page but it has since gone.

I wanted to give other photographers a heads up on this issue and posted here.

This is my Flickr page http://www.flickr.com/photos/joolsveer

rymus

would they not reactivate your account if you changed your password to something fantastically unguessable? Flickr seem all too willing to lay down their law of late. Maybe a polite but firm email stating that if you change your passwords, they have to reactivate your account

joolsveer

I have tried this Rymus so I hope they will agree to let me access the account now.

Calina

There is an issue with some comments linking to supposed flickr groups but where the url is actually not on the flickr side with a malicious script running which can compromise your flickr account. One of the downsides is that your id may be used to leave similar comments elsewhere. And yeah, the comments do subsequently vanish.

Flickr users who get these comments are encouraged to contact flickr to let them know that a user account may have been compromised in this way...it is possible that this is what happened with your account and this is why you are locked down.

I'm not totally on top of the details here but if there is a link in any comments purporting to be some sort of a flickr group, the key thing is to make sure that the link goes back to flickr. If it doesn't, be suspicious.

Jools - word of advice - clear out your cache, and temporary internet files and cookies. Also run a virus scan. The one other person I know who ran into this subsequently had a clean bill of health from Norton, but not from AVG. It may that this will sort out your logon problems.

joolsveer

I bought a laptop just over a month ago which came with Vista and had Norton Internet security software on it. I have since got rid of Norton and replaced it with software which I use on other machines. I too have heard a lot of bad reports about some security software products.

440Hz

rymus wrote:

I wouldnt have thought it'd be in anyones interest to hack a flickr account, I mean it's not like there's going to be gain, either financial or material, like there would be with ebay or paypal phishing..

Thats what I thought when I first read it, but actually it makes perfect sense. Find a member with good shots, hack the account, download the high res versions and sell them... :mad:

rymus

that'd take an awful lot of organisation and luck, more than your average scammer who's looking for a quick return would bother with... in my opinion anyway..

Seems easier to clean out someones paypal account in 5 mins than it is to download 100's of high res images and then pray someone will buy them off you. Unless of course it's the media that are doing the hacking.

City-Exile

Calina wrote:

The one other person I know who ran into this subsequently had a clean bill of health from Norton, but not from AVG. It may that this will sort out your logon problems.

By it's very design, AVG will find "threats" that don't really exist.
It will tell you that boards.ie cookies are a threat!

If you have Norton, keep the definitions up to date and don't use an account with Administrator rights, you should have no serious problems.

Avoiding dodgy websites is also a good idea.

As a corporate solution, we deploy Trend Micro but Symantec/Norton products are quite reliable.

Paulw

City-Exile wrote:

By it's very design, AVG will find "threats" that don't really exist.
It will tell you that boards.ie cookies are a threat!

I've always used AVG and have never had any problems with false threat reports. It doesn't find any problems with my cookies.

I find AVG brilliant. It always works, is always updated, and it's free.

I've always found Norton to be the worst. So hard to deal with.

From my 15+ years of experience, Norton is a nightmare, and symantic isn't a whole lot better.