Yahoo Mail Compromised-- Need Advice

Hi,

Yesterday, I was trying to log on to Stack Overflow. It asks you if you want to login via one of your email accounts (Google Mail or Yahoo Mail accounts, etc). I tried to do so, but I ran into some problems.

I got a screen from Yahoo saying that they strongly believed that my Yahoo Mail account had been compromised and that they wouldn't let me login in until I changed my password.

I noticed that my email and computer, in general, were running very slowly yesterday.

So, I changed my Yahoo passwords and security questions and did the same for my accounts on other services.

Unfortunately, I had a about 2000 messages in my account and some of them included important financial info. I went through my emails and deleted the financial ones. I also cancelled my credit cards.

When I checked the sent folder, I didn't see anything out of the ordinary. None of my contacts have received spam from me. In some ways that makes me more nervous. If they were sending Viagra ads that's one problem. If they didn't want me to notice the intrusion, so that they could do identity theft, that's a bigger problem.

My main concern is identity theft. Maybe some dork downloaded my messages and is sifting through them in order to buy bling and open credit card accounts?

Has anyone heard of identity theft due to a Yahoo Mail account being compromised?

I wonder how they got into my account?

Any advice? Is there anything else that I should do? What a grade a pain!

Thank you.

-Laxmidi

It's likely your password was compromised because it was easily hacked or guessed. And keeping any kind of important financial info such as your SSAN, credit card numbers, etc. in an email message is dangerous and should never be done.

Large email providers such as Google Mail, Yahoo, HotMail, and so forth are targets of hackers simply because of the large number of subscribers they host.

Since you already cancelled your credit cards, that should be OK. You need to take stock of any other info those emails contain and stay one step ahead. Cancel the Yahoo account and create another but this time use a very strong password. Preferably one that contains letters, numbers, and other characters that are hard to crack.

Use a password manager for all your passwords. I recommend and use 1Password from Agilebits.com.

chscag said:

It's likely your password was compromised because it was easily hacked or guessed. And keeping any kind of important financial info such as your SSAN, credit card numbers, etc. in an email message is dangerous and should never be done.

Large email providers such as Google Mail, Yahoo, HotMail, and so forth are targets of hackers simply because of the large number of subscribers they host.

Since you already cancelled your credit cards, that should be OK. You need to take stock of any other info those emails contain and stay one step ahead. Cancel the Yahoo account and create another but this time use a very strong password. Preferably one that contains letters, numbers, and other characters that are hard to crack.

Use a password manager for all your passwords. I recommend and use 1Password from Agilebits.com.

Click to expand...

Hi cshcag,

Thank you for the message. I've never had a problem with my email ever, so I was complacent.

My password was 10 characters long but it contained a nickname and a year so, I doubt that it was too hard for them to figure out.

Unfortunately, in terms of financial info they got literally everything. They couldn't have hacked it at a better time. I pray that they didn't download my messages or aren't aware of what they've gotten. But, if they're smart enough to hack/compromise my account, then they're probably smart enough to hurt me.

I'll take a look at the password manager that you mentioned. And I'll set up a new account. If you or anyone else has any other suggestions, I'd love to hear them.

Thank you.

-Laxmidi

I'll take a look at the password manager that you mentioned. And I'll set up a new account. If you or anyone else has any other suggestions, I'd love to hear them.

Click to expand...

Something else that might help is to subscribe to a service that watches over your credit and looks for any suspicious activities that might lend itself to identity theft.

I'm thinking about a service such as "LifeLock" or similar. My bank (Wells Fargo) offers that service to its account holders at a discount and they deduct the monthly fees from your checking or saving account.

I just had the message happen to me today. It's the first time I've had to go through the process. What does that mean? Did someone actually log into my email? I'm worried now too. What should I do next?

Butterflyhornet said:

I just had the message happen to me today. It's the first time I've had to go through the process. What does that mean? Did someone actually log into my email? I'm worried now too. What should I do next?

Click to expand...

Change your email account password to something very hard to guess (alpha-numeric+symbols), then monitor your credit cards and bank accounts activity for suspicious activity.

Butterflyhornet said:

I just had the message happen to me today. It's the first time I've had to go through the process. What does that mean? Did someone actually log into my email? I'm worried now too. What should I do next?

Click to expand...

I'm still not really convinced what benefit services like lifelock are supposed to offer? Remember that case when the CEO of one of those services posted his social security number everywhere and had to fight all sorts of fraud cases because of it?

Since you mentioned you started getting the message after signing into stackoverflow with your yahoo account, are you sure it's not just a false positive? Does yahoo offer a way to check the IP addresses that last signed in to your account?

At any rate, keep your eyes open, perhaps alert your bank and check your credit score periodically...

Also, don't hesitate to contact abuse@whoever sent you the email to verify that the email is legitimate and not someone trying to phish for your personal information - you might be giving them a valid password while changing your old one.