So just how did the Yahoo! email account of Sarah Palin, John McCain's running mate, get hacked? It wasn't by brute force, or because the password was obvious (like if she used her own name, Palin). No, it was social engineering that did her in.
According to hackers posting to the /b/ board (or Random board) at 4chan.org, they didn't hack her password, they reset it.
They used the Yahoo! Mail option to reset or recover one's user name and password. As she is a public figure, determining her birthday --- no problem. Zip code? Only two of them in Alaska. And her secret question, the one she set up? "Where did you meet your spouse?" It took the hackers some time, but not that long. After a few tries, the poster said he hit upon the correct (and relatively obvious) answer: Wasilla High.
So what can you learn from this? Besides using a strong password (which, in this case, didn't really matter) --- one which includes letters, numbers and symbols, if allowed --- use a secret question that's really obscure, not the name of your high school mascot, or your pet, or anything that a hacker might be able to find out with some investigation.