[Alpacasite] Hacking: Can Anyone Explain This?

Hello, Everybody --
Greetings from a very chilly Nova Scotia. I hope everyone is enjoying the holiday season, and not getting too stressed out from all the time-commitments that seem to creep into our lives at this hectic time of year.

Something happened that I want to alert you all to. Recently, a hacker somehow managed to access one of our Yahoo e-mail accounts, apparently through our Internet website. We're stumped as to how this happened and want to prevent it from happening again. The reason I'm posting this on Alpacasite is because I know a lot of readers have on-line stores, and perhaps you can learn from our experiences...and from the knowledge of others with technical understanding of website and e-mail hacking processes.

Here are the sketchy pieces of the story. My wife, Suzy, has an on-line fibre arts store with a unique e-mail address. The e-mail address was created only three weeks ago. Somehow, the hacker went onto her website and then accessed not only the information to her e-mail address (which is visibly posted on the website), but then somehow also gained access to the Yahoo e-mail password. The hacker then proceeded to send out an offensive message to us and to everyone in the address book. The only advance notice we had that something funny might be going on is that the on-line store had a couple of "orders" sent to us that were either completely blank (no data fields completed), or contained computer code. The site is encrypted, so we didn't have too much concern about these annoying "orders" at the time they came in.

The reason we are fairly certain that the access took place through Suzy's website is because the offensive e-mail that was subsequently transmitted from her e-mail address referenced unique information (e.g. phone number + marketing tagline) available only on the website. Our webmaster told us to change our e-mail password immediately to a "very secure" password (consisting of a lengthy sequence of upper- and lower-case letters, numbers, and special characters). Previously, we had used a password that was short and consisted of only letters.

Can anyone with some computer savvy explain this to me? How did these hackers discover our password, and why is the use of a "very secure" password a deterrent? Also, other than changing this password regularly, are there any recommendations on how to prevent our website from being a portal to our e-mail? We also have two firewalls in place, so we feel that our PC itself is protected...or is it? Doesn't Yahoo have a firewall of some sort in place to protect its customers? Is there any reason to be additionally concerned about the (apparent) attempts at accessing our on-line store? As I mentioned, information containing credit card information is encrypted for transmission; but are there other precautions we should be taking as a double-safeguard? Thanks in advance.
--Dave
Tatamagouche, Nova Scotia

[Non-text portions of this message have been removed]

------------------------ Yahoo! Groups Sponsor --------------------~-->
1.2 million kids a year are victims of human trafficking. Stop slavery.
http://us.click.yahoo.com/WpTY2A/izNLAA/yQLSAA/jO1qlB/TM
--------------------------------------------------------------------~->

Opinions and postings on this list are the sole responsibility of the person posting the message. The accuracy and content of each message in no way reflect the opinions of the administrator or Yahoo.

List administrator - Rick Horn - All American Alpacas alpacas@alpacaweb.com
http://aaalpacas.com

TO CHANGE OPTIONS visit http://groups.yahoo.com/group/Alpacasite/join
Yahoo! Groups Links

<*> To visit your group on the web, go to:
http://groups.yahoo.com/group/Alpacasite/

<*> To unsubscribe from this group, send an email to:
Alpacasite-unsubscribe@yahoogroups.com

<*> Your use of Yahoo! Groups is subject to:
http://docs.yahoo.com/info/terms/