# Yahoo mail says attempted login from its own server?



## BhargavJ (Oct 23, 2014)

When I logged in to my Yahoo mail account today, I got a message of a suspicious login attempt. I changed the password, and when I was about to log out, it gave the same message again. The message reads:

We detected a suspicious login to your Yahoo! account (Oct 23, 2014, 4:51 AM) from WA, US (98.136.188.113).
Note: This location is based on information from your ISP or wireless provider.

Here's a screenshot of the login history:

*s27.postimg.org/c6q2b9swf/Y_At.jpg

I checked this IP (98.136.188.113) on Google; this page says its Yahoo's own server:

98.136.188.113 - See the IP Whois report for 98.136.188.113

So what am I supposed to make of this?


----------



## cartel (Oct 23, 2014)

Hey same here.
I asked me a security question before I could log in, then I got a email saying 	
Unexpected sign-in attempt
I looked at the IP history and it shows  
Yesterday 	
9:05 AM 	Browser 	Mail Access 	98.136.188.113
Today 	
7:55 AM 	Browser 	Logged in to Mail 	98.136.188.113

wtf is Mail Access?
I dont see it in the history before.
And who the hell is 98.136.188.113?

It seems to be Yahoo...are they spying on me?

Yahoo - login


----------



## Vyom (Oct 23, 2014)

Someone from Yahoo itself is working for NSA to steal your private and confidential mails?

Yahoo mails don't have two step authentication, is it? But then if Yahoo were to be working for NSA, nothing can stop it.


----------



## BhargavJ (Oct 24, 2014)

cartel said:


> Yahoo - login



What is this link you've given? I opened it, but first Firefox blocked it as Web forgery; when I chose ignore, Kaspersky blocked it. When I chose ignore in both cases, it opened the Yahoo mail login page! Looks exactly like the regular Yahoo mail page, only the URL at the top is the IP address 98.136.188.113 instead of the regular *login.yahoo.com. But the IP belongs to Yahoo itself; so Yahoo has set up a phishing page?!



Vyom said:


> Yahoo mails don't have two step authentication, is it? But then if Yahoo were to be working for NSA, nothing can stop it.



Yahoo does have two-step authentication. I tried to set it up, but it said every time I logged in, it would first send an SMS to my mobile and I'd have to enter the code sent to the mobile in the web page to log in, and carrier charges would apply. If I open five email IDs even once a day, that's five rupees... 

Yahoo, Gmail, and everyone else is probably passing information on to the NSA, so the NSA is not something I'm worried about. Even if I do worry about the NSA stealing my information, what am I going to do to stop it? I'm more worried about some individual stealing my info rather than an intelligence agency (which is probably stealing everyone's info).

A lot of other people are facing this same problem:

*ca.answers.yahoo.com/question/index?qid=20141022202220AAzJTfE&act=aq


----------



## cartel (Oct 24, 2014)

BhargavJ said:


> What is this link you've given? I opened it, but first Firefox blocked it as Web forgery; when I chose ignore, Kaspersky blocked it. When I chose ignore in both cases, it opened the Yahoo mail login page! Looks exactly like the regular Yahoo mail page, only the URL at the top is the IP address 98.136.188.113 instead of the regular *login.yahoo.com. But the IP belongs to Yahoo itself; so Yahoo has set up a phishing page?!
> 
> 
> 
> ...



As far as I can tell, the IP's belong to Yahoo.
I see more on my login page too.




8:54 AM Browser Mail Access 98.136.188.115
8:52 AM Browser Logged in to Mail 98.136.188.119
8:48 AM Browser Logged in to Mail 98.136.188.118
3:15 PM Browser Logged in to Mail 98.136.188.123


----------



## Vyom (Oct 24, 2014)

BhargavJ said:


> Yahoo does have two-step authentication. I tried to set it up, but it said every time I logged in, it would first send an SMS to my mobile and I'd have to enter the code sent to the mobile in the web page to log in, and carrier charges would apply. If I open five email IDs even once a day, that's five rupees...



That's now how dual step authentication is suppose to work.

It works the following way (atleast in Google):
1. You try to login to GMail
2. Google identifies if the browser you are trying to login is registered with your EMail account
3. If not it asks you to enter a Code which they send to your registered mobile
4. You then look the code in your mobile and enter the same in the browser
5. You have also the option to checkmark something like "Remember this browser" or "Never ask code for this browser".
If you checkmark it, you are never asked to enter the Code again for that browser (of that system).

So suppose now if you use a mobile browser or another browser of your PC, you will again will be asked for the code, but if you choose to save it, you are never asked it again.

Never in this whole scenario, I had to shell a single rupee. Even if I enter code everytime, its Google which sends the code to me, and no charges are applied from my end.


----------



## BhargavJ (Oct 24, 2014)

I'll check again about the two step authentication. If its for free, I'll use it.

How does Yahoo or Gmail know which computer or browser I use regularly? Do they leave a cookie or anything else in the computer? I use a sandboxed browser, and each time, after closing the browser, I delete the sandbox. So they must be using some permanent code of the computer to identify it. But I often open my mails on my office computer, and Yahoo or Gmail never ask for anything. One time though, I used a US proxy from home, and that time they did ask, maybe because the whole country had changed.


----------



## Vyom (Oct 24, 2014)

^^ Yes, maybe they track with cookies. Since I have saved the browser information they don't ask for entering the code again. 
BUT, if I use say the InPrivate mode of the same browser, and same PC, then it does ask for the code.


----------



## Minion (Oct 24, 2014)

Change your email to microsoft it is much secure.Yahoo mail service is both slow and insecure.


----------

