My RoadRunner Email Has Been Hacked – Five Times in Three Days.

A few days ago, one of my Time-Warner/Road Runner email accounts refused to recognize my password. After several attempts, I gave up, and returned the next day and attempted to gain access. No luck.

Via the RoadRunner help website, I changed my password and subsequently received dozens, possibly hundreds of spam emails, most titled “”Returned mail: see transcript for details“, ”failure notice“, and ”Delivery failure“. So, OK, someone spammed me, and RoadRunner must have shut down the mailbox because my mailbox must have been full. Right?

Wrong. The last email I received, (chronologically the first email,) was an email from Road Runner letting me know my email password had been changed. Only problem: I had not changed it, and it was sent right at the same time that I lost access to my email account.

Someone had hacked into my email, changed the password, and spammed me.

I changed the password, and all worked fine, but I was pretty angry. I called RoadRunner, and was told to send an email detailing the issue to ”abuse@rr.com“, which I did.

Two days later, TimeWarner called me to tell me my email had been hacked into. He was unaware that I had contacted them via voice and email. Now, here’s where it gets interesting:

He told me that they had seen a ”spike“ of email hacking – people using a computer program to change your email password by changing your security question. So, they find a way to change the security question, then they change your password. Which is smart. As you probably know, most password verification systems shutdown after a certain number of bad attempts, and need to be reset by the company/website operator, etc., of which you are trying to access. This is done to stop people from gaining access to your account. But, as the Time Warner rep told me, there is no limit on attempts to change the security question. Think of it very simplistically as that seen from Wargames, when Matthew Broderick attempts to dial into a remote computer to play a game, and his program keeps dialing until he gets an answer. It’s something like that.

Now, here’s the real issue: The man I spoke with told me that Time Warner knows about this problem, and, as I mentioned before, they had seen a spike in the hacking around July 4th. But they didn’t tell anyone. I asked him, ”Wouldn’t it have made sense to let people know, so they might take action, or be more careful if they detected trouble?“ I guess not.

What I find interesting, and perhaps, I’m being naive, but why would anyone do this? Anyone can send spam without hacking into an email account. I’m on a Mac, so I don’t believe I have a virus, or spyware, or key-stroking apps installed…

To finish the story, I changed my password, and, in the past 24 hours, my email has again been hacked into four more times. Last night, I called Time Warner again, to let them know that it happened again. The call took 45 minutes, I was passed onto five different people, none of whom could help, and, I guess on a holiday weekend, asking for a supervisor is code for dump this call back into the cue. As an aside, I find it ironic that the support reps ask you your name, address, phone number, and several other questions to ensure they are talking to the account owner (me,) but they take insufficient precautions to secure my email account.

My question to you is: Has your email account ever been hacked? How big a problem is this?

---

I welcome your comments, or, feel free to email me. Why not take a look around? If you like what you see, would you add me to your blogroll? Thanks.

Tags: email, hacking, Road Runner, Time Warner