Yahoo Email Account Passwords Stolen

YahooYahoo said Thursday that usernames and passwords of its email customers have been stolen and used to access accounts, but the company isn’t saying how many accounts have been affected.

Yahoo is the second-largest email service worldwide, after Google’s Gmail, according to the research firm comScore. There are 273 million Yahoo mail accounts worldwide, including 81 million in the U.S.

Yahoo Inc. said in a blog post on its breach that

“The information sought in the attack seems to be names and email addresses from the affected accounts’ most recent sent emails.”

That could mean hackers were looking for additional email addresses to send spam or scam messages. By grabbing real names from those sent folders, hackers could try to make bogus messages appear more legitimate to recipients.

The bigger danger: access to email accounts could lead to more serious breaches involving banking and shopping sites. That’s because many sites use email to reset passwords. Hackers could try logging in to such a site with the Yahoo email address, for instance, and ask that a password reminder be sent by email.

The breach is the second problem for Yahoo’s mail service in two months. In December, the service suffered a multi-day outage that prompted.

Yahoo said it believes the usernames and passwords weren’t collected from its own systems, but from a third-party database. It’s not clear why a third-party database would have information on Yahoo accounts.

Yahoo said it is resetting passwords on affected accounts and has “implemented additional measures” to block further attacks.

The company would not comment beyond the information in its blog post. It said it is working with federal law enforcement.

I was one of the people affected by this hack. My account was compromised and spam was sent based off the information stored in my sent folder. I regularly clean my sent items and I do not keep an online address book in order to minimize the potential dangers that a compromised account brings.

Some people may have received an email from me that is a bit unusual so please do not follow the link.

I have one report of a person getting a spam email from my account. I have not been able to obtain the senders list that was used but I expect that there are a few more people or businesses that may have received a piece of spam from my account.

I suggest to everyone, with a Yahoo email account, to change their password as well as ensuring that someone else has not been added to “how Yahoo contacts you”. In order to accomplish the above, please follow these simple instructions

Password Reset:

  • Go to http://mail.yahoo.com
  • Go to the gear in the upper right corner known as settings
  • Click on “Account Info
  • Provide your current password
  • Click “Change Password
  • Type in your current then new password
  • Save

Checking your “Choose how Yahoo contacts you” settings:

  • Go to http://mail.yahoo.com
  • Go to the gear in the upper right corner known as settings
  • Click on “Account Info
  • Provide your current password
  • Click on “Choose how Yahoo contacts you
  • Make sure that the information is correct and that nothing is added that is not yours. IE; phone numbers, email addresses, etc…
  • Save

 


Leave a Reply

Your email address will not be published. Required fields are marked *