Palin Yahoo Account Hacked With Reset Password
A first-hand account of the hack was briefly posted to the 4chan forum, in which the individual claimed that the hack involved guessing Palin's personal information. Rather than hijacking the account, the individual claimed to infiltrate Palin's e-mail account with Yahoo's "Forgot My Password" reset feature, which prompts a user to answer a "secret question," such as name of their first pet or grade school, before allowing them to reset the e-mail account password.
"i am the lurker who did it and i would like to tell the story," the blogger wrote.
The authenticity of the self-procliamed hacker could not be independently verified Thursday. The FBI and Secret Service launched an investigation Wednesday of the hack. Yahoo did not immediately return respond to requests for comment from Channel Web.
The individual, known on the blog post as Rubico, said that he was able to determine that Palin met her husband Todd in high school, along with her date of birth and zip code from Internet searches on Wikipedia and Google. Altogether, the hacker said that the process took no more than 45 minutes by experimenting with different word combinations until deriving at the correct word order.
"I found out later though [sic] more research that they met at high school, so I did variations of that, high, high school, eventually hit on 'Wasilla high,'" he said. Once the right combination was achieved, the hacker changed Palin's password to "popcorn," he said. The hacker said in the posting that he had hoped to find something to "derail her campaign" but admitted that there was nothing incriminating.
"I read though the emails ALL OF THEM before I posted, and what I concluded was anticlimactic," said Rubico in the posting. "There was nothing there, nothing incriminating, nothing that would derail her campaign as I had hoped, all I saw was personal stuff, some clerical stuff from when she was governor. And pictures of her family."
The self-proclaimed hacker said that what had started out was a prank was thwarted when he realized that breaking into the Alaska governor's account constituted a federal offense. He claimed he realized the likelihood of being investigated due to the fact that he used only a single proxy server to mask his location.