How could someone hack my yahoo email account?

[soarwitheagles]

Hi guys!

I was surprised this evening when I noticed a massive amount of "undeliverable" emails showing up in my Yahoo Mail inbox.

My wife suggested I check my "Sent" folder in Yahoo Mail. Sure enough, everyone on my contact list was there, showing I had sent an email to everyone on my contact list.

Also, someone changed one of my personal profile phone numbers to frigging Argentina.

Can someone tell me what just happened?

I ran my antivirus scan, nothing came up. Ran AntiMalware, nothing came up.

I immediately changed my weak password.

What else can I do?

Thank you,

Soar

 

[Yevrag35]

Don't worry, you weren't the only one with your password hijacked.
Mine was also compromised over the weekend. Fortunately, the only thing I use my yahoo account for is as a junk email address when I don't care to share my real one. Funny thing is I also have a gmail address for the same purpose, but that one, I never seem to have any problem with.

My suggestion to you is not keeping confidential emails, files, or anything of value in a yahoo/gmail account, as there will always instances, like this one, where you think it's safe but it's not.

They also probably didn't hack your individual account, but rather Yahoo's central server and leaked accounts and passwords out to the world. If that's the case, there's absolutely nothing you do about it.

 

[carnageX]

Just make sure your password is changed to something strong so it can't be broken.

 

[Yevrag35]

Just to update, I've talked to about 20 people already this morning who've said that they believe their yahoo accounts were hacked into. This definitely leads me to believe Yahoo was compromised, and either a list of accounts/passwords or the hash key they use to decipher the passwords were leaked. Most likely is the former explanation, because they've all said they've experienced this within the past week.

 

[KSoD]

I immediately changed my weak password

You already said what the problem was. You knew you had a weak password and yet you let it stay on the account. It probably only took a brute force program a few seconds to figure it out if you think it was weak.

Make sure you change any other accounts you might have with the same name and password...

 

[iFargle]

Also, I'm not sure if yahoo! has it, but enable two-step verification.

 

[soarwitheagles]

You already said what the problem was. You knew you had a weak password and yet you let it stay on the account. It probably only took a brute force program a few seconds to figure it out if you think it was weak.

Make sure you change any other accounts you might have with the same name and password...

Thanks and I did change the password and set up two step verification too.

Soar

 

[Alexffiala]

Another Yahoo! breach in security? When will they learn?

Don't use Yahoo, if it's on the same scale as last year's breach, they haven't learned and the trend will continue.

There are other, far more secure, email providers out there. Gmail is an obvious enterprise choice, but there are also less invasive email providers such as hushmail. If you don't want your email information sold to marketing companies, use email providers that are non-invasive and have adequate ssl security.