Jump to content

Change Mode

Yahoo has been Hacked!


Recommended Posts

For those of us who have email accounts with Yahoo, How do we safely change our user and password accounts?


In the 5th paragraph below??? Thank you!




Yahoo said Thursday that usernames and passwords of its email customers have been stolen and used to access accounts, but the company isn't saying how many accounts have been affected.


Yahoo is the second-largest email service worldwide, after Google's Gmail, according to the research firm comScore. There are 273 million Yahoo mail accounts worldwide, including 81 million in the U.S.


Yahoo Inc. said in a blog post on its breach that "The information sought in the attack seems to be names and email addresses from the affected accounts' most recent sent emails."


That could mean hackers were looking for additional email addresses to send spam or scam messages. By grabbing real names from those sent folders, hackers could try to make bogus messages appear more legitimate to recipients.


The bigger danger: access to email accounts could lead to more serious breaches involving banking and shopping sites. That's because many sites use email to reset passwords. Hackers could try logging in to such a site with the Yahoo email address, for instance, and ask that a password reminder be sent by email.


The breach is the second problem for Yahoo's mail service in two months. In December, the service suffered a multi-day outage that prompted Yahoo CEO Marissa Mayer issue an apology.


Yahoo said it believes the usernames and passwords weren't collected from its own systems, but from a third-party database. It's not clear why a third-party database would have information on Yahoo accounts.


Yahoo said it is resetting passwords on affected accounts and has "implemented additional measures" to block further attacks.


The company would not comment beyond the information in its blog post. It said it is working with federal law enforcement.

Link to comment
Share on other sites

Changing a user name is problematic as a different username... is a whole different account.


Changing a password is quite simple and should be done periodically.



Also, you might want to keep in mind that the number of characters used makes the password stronger (password and 123456 are both very poor passwords). A password like "Thisisthepasswordtomyyahooaccount" is much stronger because of the number of characters. "ThisisPassword5forMyYahooAccount!" is stronger yet because of the use of small and uppercase letters as well as numerals and special characters.

Link to comment
Share on other sites

Thank you Tomk_ but this is what is making me nervous.





The bigger danger: access to email accounts could lead to more serious breaches involving banking and shopping sites. That's because many sites use email to reset passwords. Hackers could try logging in to such a site with the Yahoo email address, for instance, and ask that a password reminder be sent by email.

Link to comment
Share on other sites

Which is why changing your password periodically is a good idea. If your password is hacked... they have access to your email. If you change it... they are locked out again.


If you lose your Yahoo password and therefore cannot get into your account... and then have them email you your password to that same Yahoo account... you won't be able to get to it.


The risk that is trying to be solved is... if someone requests the password to your bank account - it is then mailed to your Yahoo email. If they cannot access your email account... they cannot get the password to your bank account. Just like I said earlier... it is a good idea to change the password to your bank accounts periodically. It's absolutely imperative if you notice unusual activity or even if you are a victim of any potential rootkit or backdoor on your computer. The only thing you can do is be diligent and take precautions, such as changing your passwords.


If someone hacked your email and then requested that your bank password be emailed... it will go to the account you set up with (theoretically your yahoo account) and you would see the email. If this happens... I suggest you immediately call your bank! Then change your passwords on bank and email accounts.

Link to comment
Share on other sites

Thank you Tom_k and Jacee, Changing my passwords using a secondary email account? How does one do that? Sorry I'm just not quite sure how to do that. Thank you!



I think I may have that figured out. When I go into Yahoo to change my PW it will be sending the newer one to a secondary email account that I have listed in my Yahoo account and that is how I will then be using the temporary one they send me to go in and create a new PW. Is this correct? Thank you, so sorry not very good with computers. Thank you again!

Edited by darkeyes
Link to comment
Share on other sites

That sounds right. I believe that is what Jacee was saying. Yahoo doesn't send the password to the account you can't get into, it sends it to a secondary account that you set up when you set up the yahoo account.


I used to have a yahoo account and I seem to remember it would text message me my password to my phone?


Anyhow... you don't change your password from a secondary account. You must be in the account that you want to change the password to... when you change it. When you change it - they will not email you the change... though they may email you to verify that it was in fact you that changed it.

Link to comment
Share on other sites

Important Notice: Yahoo Mail User Security Update - All Yahoo accounts that were impacted by the most recent third-party database compromise have been secured. Learn more about the compromise .


Second sign-in verification

Add an extra layer of protection to your Yahoo account with second sign-in verification. It's easy to do!


What is second sign-in verification?

When you sign in to your account, if we don't recognize your device or location, we'll ask for a second verification step.


Why is it important?

If someone other than yourself tries to access your account, even if they guess your password, they still wouldn't be able to get in without using this second verification.


Activate second sign-in verification

Visit your Yahoo Account Information page.

Under "Sign-in and Security," click Set up your second sign-in verification.

Follow the instructions on the screen to complete setup. You have two options:

Use either your security questions or a supported mobile number for verification.

Use only your mobile number for verification.




Did you know? Some third-party apps don't work with second sign-in, and will require you to generate a separate "App Password" to connect with Yahoo. They include:


Mail apps like iOS Mail, Android Mail, and Outlooks

Some Yahoo apps like Messenger on PC



Second sign-in will only trigger the first time you use your computer or device, unless you have cleared your browser's cache.

If you change your mobile number, update it in your Yahoo account info.

If you lose your mobile phone, please sign in using a device we recognize.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...