Details describing how someone hacked into Sarah Palin’s Yahoo Mail account emerged on Thursday, and it appears to have been done with little more than social engineering.
Since Tuesday, anonymous posters using a forum on the 4Chan.org Web site have been circulating password-protected zip files containing the contents of the now-deleted e-mail account once belonging to the Republican vice presidential candidate.
Like most Web account services, Yahoo Mail provides an option to reset or recover one’s user name and password. What is unclear is how the account recovery was rerouted from the alternative e-mail address chosen by Palin to a secondary e-mail address.
When Yahoo Mail prompted for Palin’s birthday, one poster said it took only 15 seconds on Wikipedia to answer that question. When it prompted for a ZIP code, the answer was easy to narrow down: Wasilla, Alaska, has only two ZIP codes. Palin’s personal security question, “Where did you meet your spouse?”, did slow the process down. The poster claimed it took several tries before eventually hitting upon the correct answer: Wasilla High.
Inkadentally, the leading suspect in the crack – I wouldn’t call it a hack, especially – is a college student named Mike Kernell.
He changed Palin’s password to “popcorn”. Whadda you think?