Yahoo Hacked: What to Do When Your Account Security Has Been Breached
Earlier this week, a friend of mine discovered a dormant Yahoo! account of hers was hacked. Within a half hour, she determined at least two Yahoo! accounts were breached. After several hours trying to find a legitimate point of contact, creative tenacity, and two days of phone tag, access to the accounts has been achieved.
More and more users are going to various sites, including Yahoo! Answers, as they attempt to regain control of their account. What has been reported to be happening is, after switching to the new mail format, they no longer have access to their account. Like my friend, they are notified from a friend that spam email has been sent to an email address in their inbox. Like my friend, they are frustrated with the new Yahoo!’s customer response.
If you are one of the affected consumers of Yahoo!’s services, there are a few basics and warnings that you need to know as you try to regain control over this portion of your digital life:
1. Yahoo does not have a service to “check your computer” for a fee or for free. If you come across an ad for a site claiming to represent Yahoo! like this one, don't call, don't click, just keep on searching:
2. Your problem may not be malware. If you’re uncertain that your scans are not catching malware, Malwarebytes offers a free malware scan. If you’re like my friend and keep your security software up to date, the net scan result will be 0 infected files.
3. As you try to reach a warm body, you will have to be patient and persistent. The corporate number is (408) 349-3300 and office hours are 8-5 PST, Monday through Friday. It really isn’t a great forum to leave a message but at least you gave it the ol’ college try.
4. There is a forum on the Yahoo! site to complete a survey type form. However, that’s pretty much useless if you can’t access your Yahoo! account.
5. There are a couple of e-mails that I scrounged up by switching search providers several times: a). email@example.com — this looks like a generic help desk address; b). firstname.lastname@example.org — this may get you to the account security team.
If you do manage to get a warm body on the line, the response is phenomenal.In no time their team will have you back up and running, providing the thief did not change the answers to your personal questions. Once you have regained your access, change everything:
1. Change the answers to your security questions, password, and the whole nine yards.
2. Never, and I mean never, add your phone number to the account. Many content and mail providers are trying to get everyone to enter this information to make it easier on them when an account has been breached or the user forgot their pass word. Before keying in your digits, ask yourself if you really want these jerks to have your phone number.
3. Never, and I mean never, use your real birth date when opening an account. I don’t care if it’s a violation of the terms and services, DO NOT DO IT!
4. Never, and I mean never, use the same security questions and answers on multiple accounts, be they e-mail or other accounts that you maintain online. Once a thief has this information, who knows what kind of chaos they will reap.
5. Lie on the answers to your secret questions. Face it; your digital footprint is easily traced. It’s not that hard for someone to figure out what elementary school, college, or high school you attended (thank you Classmates.com, Facebook, LinkedIn, etc).
6. Do not use a password that is sequential or alphabetical. ABC123 is not being clever. It’s being dumb.
7. Do not use a password of “Password.” Again, you’re not being clever. You’re being dumb.
8. Do not use a password that is easily found elsewhere. For example, your birth date, your graduation date, your kids birthday, names of your family, or even your dog’s name. If you’re on a social networking site and post, “Poochie-woochie had a very bad day to day. It’s so hard training a puppy,” and Poochie is your dog’s name, you may have given someone the in they were looking for.
Following these simple steps will throw the support reps off if you have multiple accounts. Once you answer the questions, the Yahoo! rep will grant a reset and, boom, you’re back in your digital email life.
Keep in mind, you’re going to have to be extremely patient in getting through as they continue to experience a “large volume of inquiries.”
Yahoo! may want to extend their hours from 8 a.m. to 5 p.m., Monday through Friday to 7 a.m. - 11 p.m. seven days a week. It looks like this could take a while.