P16: a blog by Matt Kangas
19 Sep 2008

How Sarah Palin's Yahoo Mail account was hacked

You may have heard by now that Sarah Palin's Yahoo Mail account got hacked. It was her personal account, but allegedly she was using it for state business or somesuch.

More interesting to me is the story of how it was hacked.

Veracode Blog - Learning From Sarah Palin’s Yahoo Mail Compromise

Shockingly easy: they just used "password reset" and guessed some supposedly-private "secret questions". The article also points out why Gmail's password reset function is more secure.

Lesson: don't use "secret questions" that someone can easily guess about you -- or look up on Wikipedia!