(IMPORTANT: Before I get to my story, if your Yahoo! email has been hacked I recommend that you immediately change your password, update your security questions and ensure your Yahoo! Mobile and Y! Messenger are both up-to-date. You should also visit Yahoo! Email Abuse Help and use this process if you are unable to login to your Yahoo! account. Also, make sure to read the comments on this post since there is a tremendous amount of good information there as well.)
(UPDATE 12/13/11: Yahoo has introduced second sign-in verification as an added security measure. It will require that you add a mobile phone number and verify it via a text message. Here’s the direct link to start using second sign-in verification.)
It happened just before we arrived at the San Francisco Zoo. We are at a red light on Sloat Boulevard when my phone started to vibrate.
Buzz. Buzz. Buzz. Buzz. Buzz. Buzz. Buzz. Buzz. Buzz. Buzz. Buzz. Buzz. Buzz.
Had the rapture come a day late? No. I was getting undeliverable messages. Lots of them. My Yahoo email had been hacked!
Here are the two important lessons I learned as a result.
I Have Good Friends
I didn’t want our day at the Zoo ruined, me staring into my phone resetting passwords and figuring out what happened. So I put the problem on the back burner and proceeded to have a fun family day.
But I did take time to quickly tap out a response to people who replied to the spam coming from my hijacked account. Why? Because they took the time and effort to give me a heads up that I had a problem. These were good people. Good friends.
The thing is, I’d gotten a number of these same emails lately from other hacked Yahoo accounts. I figured these people knew they’d been compromised and I didn’t need to respond. With the shoe on the other foot, I realized those emails were comforting even though I was well aware of the problem.
I’ll shoot off an email the next time I get a hacked email from someone.
Yahoo Email Security Failed
The odds are that I will get another one of those emails because I learned just how easy Yahoo makes it for hackers.
Upon getting home I went about securing my account. On a lark, I checked Yahoo’s ‘View your recent login activity’ link.
Sure enough at 10:03 AM my account was accessed from Romania. This obvious login anomaly didn’t set off any alarms? Shouldn’t my security questions have been presented in this scenario? I have never logged in from Romania before.
I’ve never logged in from outside the US. Yahoo knows this. In fact, Yahoo knows quite a bit about my location.
My locations puts me in three states: California, New York and Pennsylvania. I also have location history turned on, so it’s not just my own manually saved locations (some of which are ancient), but Yahoo’s automated location technology keeping track of me.
Do you see Romania in this list? I don’t.
Why is Yahoo making it this easy for spammers to hijack accounts? Make them work a little bit! At a minimum, make them spoof their location.
Yahoo should have noted this anomaly and used my security questions to validate identity. I still would have had to change my password (which wasn’t that bad) but I would have avoided those embarrassing emails.
A simple rule set could have been applied here where users are asked to validate identity if the login (even a successful one) is outside of a 500 mile radius of any prior location.
I’ve had a Yahoo account for over 10 years without a problem, even as I moved my business accounts over to Gmail.
Yesterday I thanked those friends who had my back. Unfortunately, Yahoo wasn’t one of them.
The Next Post: Google SEO Communication
The Previous Post: SEO Freeloaders
Comments About Yahoo Email Hacked
// 445 comments so far.
Ioana // May 25th 2011
Oops! We do have quite a few hackers in Romania…
Is it perhaps safer to use an e-mail account associated with your website’s domain? I’ve often wondered if it wouldn’t actually attract more hackers.
I always found Yahoo’s security questions rather idiotic, as it’s not hard to find out the honest answers, so you actually need to lie and remember what was the false information you gave.
Paula // May 31st 2011
Thank you for posting this! I had the same thing happen to me this morning. I checked my Recent Login Activity this is what it showed:
6:22 AM — Yahoo!Mobile — Logged In — NETHERLANDS
6:22 AM — Yahoo!Mobile — Logged In — NETHERLANDS (yes, twice)
6:45 AM — Browser — Logged In — FL, US (where I am)
6:46 AM — Browser — Logged In — CA, US (huh???)
6:46 AM — Browser — Logged In — FL, US (wait, no alarms? Seriously?)
The one in CA set off extra alarms for me, for sure. I went into my mail security (gives a list with General, Spam, etc.) and selected “Accounts”. There was one very much like one of my alternate accounts from my profile, but had a different @ extension. It also was the only one there that didn’t forward everything to my yahoo inbox.
Thanks again for your good attitude about this. It really helped me keep perspective! (I have email addresses in my address list that I haven’t communicated with in…a decade? More? LOL)
aj // June 03rd 2011
Paula,
Thank you for sharing your own experiences and showing, yet again, the ease in which Yahoo could detect malicious behavior.
Michelle // November 17th 2015
Well big news. Its not just yahoo anymore. I always thought yahoo was my safest. And im not lookin for points either. In fact i have only 3 yahoo accounts. Versus 25+ Google accounts. Doesnt matter im being stalked and harrassed daily. I truly need help. Anyone find a fix? Im in tears daily fixin whats not fixable. I know who is doing it. Theres yet a way to proove it. From my isp to my cell carrier o. Reopening face book across 9seperate devices. 3more if you add hiz. Tho yesterday he got confused and sent a text by accident. Well he found it and deleted it almost before I saved it on my secret phone cloud. Lol. Lol. That will give em something to do. Now They know about ##THE Secret Phone Cloud## application.. Shhhhhh! ?. Back to reality what does a person do in this situation? Any body have ad#vice. Thanx for posting its so frustrating. Michelle.
e. // January 05th 2016
Michelle I’m having the same nightmare. My life has been turned upside down because of this. Im trying to figure out how much damage is being done. Any help or correspondence would be eagerly accepted.
Have you talked to Google yet?
e.
anon // June 07th 2011
I had to again change my yahoo password because I was locked out of my account. Afterwards, my Yahoo login activity showed a browser in California with what appears to be Yahoo’s IP address logging into my account twice after I changed my password. If yahoo, why would they do that?
TN // June 10th 2011
I had the same problem of log-ins from Latvia. Every so often I go to check my recent activity, tried doing so today and the link off my account information page is no longer there to view my activity.
KG // June 25th 2011
Thanks for the helpful post. I, too, seem to suddenly be among the ranks of the recently hacked. Given the above post and comments, I immediately jumped to my recent login activity to find the culprits hailing from Serbia and Poland. Not surprisingly, the keywords that popped out were “Yahoo Mobile”. I only use 1 mobile device and am most certain the leak did not come from a computer (as email now done on ipad which never leaves home). This leads me to suspect that the Droid is somehow getting tapped for info. If so, fair warning.
As I did not get locked out of my account, the hack may not even be making the password visible. Ie, the process seems to be automated. I did find and remove the access for Yahoo mobile under the ‘Manage App and Website Connections’ link, figuring I could live without email on my phone. However, think I am still able get mail on my phone, so it may or may not help. *crossing my fingers*. May have to remove from phone completely if hack reoccurs.
ks // June 30th 2011
me too!!! ,… my was accessed (hacked) from Vietnam, … while i resides in Singapore
Briana // July 12th 2011
Would your only solution be to switch to Gmail? I have a personal Gmail and a Yahoo account for university emails..but I have preferred Yahoo till recently.
My account has been hacked four times within the past two months, but the only thing that has happened is they changed my password. My email hasn’t been used to send out any spam messages or anything, just a changed password.
My recent login activity hasn’t been too suspicious after I was hacked, Oregon the first time (I’m in Seattle,) then Washington DC and Germany (more suspicious), and today, California (not suspicious) and Virginia…suspicious considering they were logged in within an hour of each other. Can I warp across the country? No.
AJ Kohn // July 13th 2011
Briana,
Yes, I’m not sure why Yahoo! isn’t able to understand and prevent access when it is geographically unlikely or impossible, as with your California and Virginia situation.
I believe you can still use your Yahoo! account but you’ll need to make sure that you change your password, create your security questions and update all of your other Yahoo! products like Yahoo! Mobile or Yahoo! Messenger. From what I’ve seen they seem to be exploiting these services to gain access so having those be up-to-date and enabling all security measures on the same would be prudent.
Thanks for the comment and hope that helps.
jl // July 12th 2011
Thanks so much for this post. I found the location (in the same city) of someone who hacked into Yahoo account. Reported it to Yahoo. May report to police also.
AJ Kohn // July 13th 2011
Glad I could help Jl and good on you for taking action!
Annie S. // July 13th 2011
Ergh. I just joined the “I’ve been hacked” camp, after also having a Yahoo account forever. I also just noticed a lot of hacked accounts coming my way. Clearly Yahoo isn’t on top of this issue, so I think I’ll just delete the account and move on…..after I take your advice and let others know they were also hacked!
AJ Kohn // July 13th 2011
I’m sorry to hear that Annie. And yes, the number of hacked accounts coming my way has also increased.
It’s odd that Yahoo! isn’t keeping up on this since it is really easy to move your account to something like Gmail.
Ralf Muschall // July 13th 2011
Do you have any idea how it has been hacked? My (uneducated) guess would be that one of the many other mobile apps (which usually require unrestricted access to contacts, memory, internet and whatever in order to be able to run) had a security hole and was abused to send password data to the attacker.
Just a hint about the security questions that yahoo (and other services) offers for password recovery: Criminals usually know the answers about your childhood street name etc., probably better than yourself (you might forget, they don’t, or even have database access). What I do is to create questions like “first recovery password” and “second recovery password” and create fresh, strong passwords (as hard as those for everything else).
AJ Kohn // July 13th 2011
Ralf,
Yes, that’s my guess too, that there’s a hole in one of the mobile or messenger applications that allows password information to be harvested. It seems like that’s the pattern. As far as the security questions, you can go that route for full protection but I don’t think many hacks of this nature will go the extra step to track down street name or best man answers. It’s too much time and effort, particularly when they can just move on to another email account to abuse.
jl // July 13th 2011
I think messenger is my problem. I keep trying to sign out; couple of minutes later, I’m no longer signed out! Will report to Yahoo.
jl // July 13th 2011
P.S.
I discovered the default setting for Yahoo! Messenger on my smartphone was set at “always on”. This should not be the default setting! Also note that the more secure “https” is not a default setting for both Facebook and Twitter. You have to go into account settings and check “https”.
AJ Kohn // July 16th 2011
Jl,
Thank you for reporting this default setting. Hopefully others will take note and make the change to prevent potential hacks.
JC // July 15th 2011
Same thing happened to me today. . .
6:34 PM Yahoo! Mobile Logged In Vietnam
6:34 PM Yahoo! Mobile Logged In Vietnam
And I was in Oregon at the time. Never been to Vietnam!!
AJ Kohn // July 16th 2011
JC,
Sorry to hear about this and once again it’s a Mobile property from half-way across the world. Shocking that Yahoo! can’t figure this out. Make sure you check your Mobile version and settings if you continue to use it.
me // July 22nd 2011
Happened to me today and all the log ins were the same IP, and I do not own a mobile phone. I have an Ipad but I haven’t used it and I set up the Ipad to an email I created just for it.
So I don’t know what happened or why. I wish they would explain.
Geoff Halstead // July 26th 2011
Hi all,
Just had my Yahoo account hacked for the second time in as many months.
I only access it via iPad and MacBook on Wi-Fi from home.
I tried to change password but no luck with multiple attempts such that Yahoo froze we out for 24hours.
I will try one more time and if no luck, switch to someone else.
Pity that Yahoo have become so lax and useless on security.
Oh, I’ve had accounts with them for 12 years.
They seem to have lost their way in a big way!
Geoff
AJ Kohn // July 27th 2011
Geoff,
I’m sorry to hear about this, particularly since you’ve been hit twice in two months. Make sure to follow those links at the top to ensure you can reclaim your account. Also, are you only using Yahoo desktop or do you use Messenger or Mobile?
GeoffH // July 30th 2011
Hello AJ,
Thanks for response.
I only use desktop or iPad.
Haven’t tried to log into Yahoo to change yet as cancer treatment has floored me this time.
Will be back as soon as I have the mental energy to go through the log-in procedure again.
Geoff
AJ Kohn // August 06th 2011
Geoff,
No problem and all the best on your cancer treatment!
J. // July 30th 2011
Hello,
I can’t access my yahoo account. The password seems to have been changed. My secondary e-mail address is my former work address which I no longer access (just get the messages forwarded). Even though I answered the first security question correctly, the answer to the second question (best man) is not accepted. I wonder if that got changed too? Now my account is locked for 12 hours. Is there any hope of recovering it? I have some very important information there…
JL // July 31st 2011
Been there, done that. Yahoo actually suspended my account and I couldn’t send emails. They stated someone was using my email address for spam. This was not a surprise since I had received several “Dear Customer” emails related to Epsilon accounts being hacked. See:
http://www.guardian.co.uk/technology/2011/apr/04/epsilon-email-hack
Also despite the fact that I’m not an online gamer, I received a notice that my information had been changed at a game site and that I had subscribed to an iranian website. It took more than a month for me to change most of my yahoo email contacts since I’ve had the account for 10+ years.
Back to you. Below the log in section there should be a link to, “I can’t access my page.” That worked for me and I was able to access my account and changed my password. I now have a second yahoo account; only use it for newsletter emails. My important emails are on gmail which uses https. I also now use Firefox and Chrome which are browsers that have higher security ratings than Internet Explorer or Safari.
If you have problems after 12 hours, do a search for Yahoo! Help and you should be able to contact Yahoo that way. Make sure you read the earlier posted messages for additional security tips.
J. // August 01st 2011
Thank you very much JL. I managed to change my password this morning following the link “I can’t access my page.” This link did not work yesterday.
By the way, could you suggest how to get rid/block the Yahoo messenger, please? I suspect that is the problem since a while ago, upon logging into my yahoo account, I received a few notifications stating that I have been logged out of my Yahoo messenger since I logged in a different location. I do not use Yahoo messenger, so that was very strange. Now I know that it must have been hackers…
Also, where is the “View your recent Yahoo log in activity” link, please? I do not seem to be able o find it. Thank you very much!
JL // August 01st 2011
Hi J:
Unfortunately the last time I read the Yahoo Q&A regarding Messenger it seemed to indicate that you had to get rid of your email account if you wanted to get rid of Yahoo! Messenger. That’s why I have another Yahoo email address and several gmail email addresses so I can eventually get rid of the hacked address. I’ve:
— signed out of Yahoo! Messenger and made myself invisible to everyone.
— unchecked the box on my cell phone that had my Yahoo! Mobile account on 24/7
— disabled wifi and bluetooth on my smartphone and on my computer since I don’t use them (but hackers do), and
— put a password on my smartphone. It’s a pain since I have to punch in more digits before I make a call; don’t want to go through this time-consuming process again.
To get to the recent Yahoo! log in activity link, go to the upper left corner of the screen above Yahoo!Mail. There is an arrow to the right of your name. Click the arrow so the drop down menu with “Account” appears. In the Sign-In and Security Section , click on “View Your Recent Login Activity”.
Hope this helps!
J. // August 01st 2011
JL, Thank you very much. I am currently on vacation in Sweden and, after reviewing the login activity found out that somebody from Sweden was logging into my mail several times yesterday when I could not access my account. Scary… Thought it to be such a safe country.
JL // August 01st 2011
J–You’re welcome. Don’t blame the Swedes–could have been another tourist! Glad you were able to access your email. Make sure you use a mega secure password of 10 characters with upper and lower case letters, numbers and symbols to make those hackers work hard the next time they want to gain access to your cyber property!
jr // August 03rd 2011
I got a message from Yahoo saying my e-mail account had been hacked and that I should change my password, which I did. Now I get a pop-up which says my browser cannot confirm my certificate. When I log on to my e-mail account everything seems to work as normal, except that the web address does not start with yahoo. I went to the Yahoo security site (sites actually, they are kind of a maze) and told them of the problem twice. The first time I was told they would get back to me within 24 hours. The second time I bypassed e-mail and went through their home page with a description of the problem. I got a long e-mail back that gave me some canned answers and asked me to click on from a list of other possible problems and to provide all my personal and password info. Obviously, no one at Yahoo is dealing with this problem yet.
JL // August 03rd 2011
@JR
Change your password to 10 digits consisting of lower and upper case letters, and symbols.
Try using a different browser such as Firefox or Chrome.
Let us know if this helps.
AJ Kohn // August 06th 2011
JL,
Thank you for being so responsive to the others here who have encountered Yahoo! Mail problems. I truly appreciate your comments and the positive community you are helping to build here.
Briana // August 04th 2011
Hi again!
Just wanted to mention as an update that I think the mobile app has a big part in getting hacked. Either the mobile app or the chat itself.
I still can’t figure out how to disable the messenger, although I appear “offline” I can’t seem to log out of it. Once I did get a request for an IM from some suspicious-looking email and I blocked that person. But other than that, not much has happened with my Yahoo messenger.
However, I logged off of my mobile app on my android phone and uninstalled it, and for a while (a good few weeks) I had no incidents with my email. I decided to start using my iPod again for email, and for some reason thought it would be ok to sync it with my Yahoo email. Lo and behold, my email was compromised yet again, not long after that. I changed my passwords for the umpteenth time and disabled it on my iPod as well.
Fortunately I set up my linked gmail account to have a two-step verification for logging, through my cell phone number. Otherwise they would have changed my gmail password as well.
I wish Yahoo would at the very least allow the option of a similar two-step verification process. Its cumbersome, but worth it. Having to change my email password 10+ times within a couple months is completely ridiculous.
Thank you for all your help, and for all the other commenters, you helped me realize it is probably the mobile app doing the damage.
AJ Kohn // August 06th 2011
Briana,
Thanks so much for this additional information. It’s helping the community at large understand the issues and potential vulnerabilities. From what I gather, there is some open exploit by having Messenger or Mobile. I’m guessing that having it on produces some open connection that can be hacked. Why Yahoo! doesn’t understand or fix this is beyond me.
Brandon J. Clark // August 05th 2011
Yahoo! Messenger – Russia….. Thanks assholes….
Needless to say, I’ve canceled my PAID email account service (as if guilty Yahoo didn’t even ask why) and will be terminating it completely once I change over my whole life to something different.
What is this, the friggin 1980’s??!?!?! Am I going to have to go back and start running a mail server out of my laundry room?
AJ Kohn // August 06th 2011
Brandon,
Ugh. I’m sorry to hear this. It seems like such an easy thing to protect against! You can try the laundry room or … Gmail.
JL // August 06th 2011
Oy! Heads up on a Gmail feature–
Changed most of my Yahoo! email addresses to several in Gmail. Imagine my surprise when I was checking my sent folder and discovered that Gmail had automatically sent out emails to a company that I shop at, and was inviting them to chat with me! This despite the fact I had disabled chat! I was not happy. Here I am, literally spending weeks changing email accounts, passwords, IP addresses,and trying to keep my Gmail email addresses as private as possible and Gmail is using my name and email address to spam my contacts! To avoid this from happening, you have to opt out of auto-add suggested contacts. Go to Mail Settings|Chat|Auto-Add Suggested Contacts=> click on the setting for, “Only allow people that I’ve explicitly approved to chat with me and see when I’m online”. Mail Settings is located in the upper right hand corner–it’s the spoke symbol.
@AJ Kohn – you’re welcome. But I must say you started it all–misery loves company!
J Lamb
Etm // August 06th 2011
Add me to the list of hacked accounts. Luckily I don’t have very many contacts, so the damage was minimal. I delete all contacts and changed my password. Been a Yahoo user since 1998 and this is my first problem. At least I’m not alone.
AJ Kohn // August 08th 2011
Etm,
Sorry to hear you’ve joined this sad club. My experience was also the first bad one with Yahoo in nearly 10 years.
MW // August 08th 2011
I was also hacked via yahoo mobile. what is it with this application that it is easily cracked?
AJ Kohn // August 08th 2011
Mark,
Sorry to hear, but you’re in good company! I wish I knew what it was that made Yahoo! mobile so vulnerable. I can only think that it’s some sort of open connection that can be compromised with relative ease.
Jennah // August 10th 2011
Hi all, I just realized that my yahoo account has been hacked. As I was checking my e-mail, it said it could not view my email or I was signed out because I was logged on at a different address. It turns out that someone has been logging into my account since July…. from Virginia. I reside in New Jersey, and haven’t gone to VA for over 15 years. I am really upset about it as I have had this yahoo account for close to 10 years. Is there anything else to be done other than changing the password and security questions? Can we find out who tried hacking into my account and report it? Should I file a police report regarding this?
Thank you all!!!
AJ Kohn // August 12th 2011
Jennah,
Sorry to hear you’ve also gotten hacked. I wouldn’t spend much time trying to find the person or reporting it to the police. Just get your account safe again and either leave Yahoo! for another mail provider or complain loudly to Yahoo! to fix this very clear and dangerous problem. That’s my advice.
Lynn // August 12th 2011
Well my yahoo was hacked today. I don’t use messenger or the mobile app.
BTW, I tried to find the link to view my login history and it is no where to be found.
I did a search through the support thingy and still nothing comes up even remotely helpful. I can see where it thinks my location is which is wrong but I can’t see where my login history is. Any suggestions?
AJ Kohn // August 24th 2011
Lynn,
Sorry to hear you were hacked. The link to your login history can be found by going to Account Info. You’ll be asked to verify your password. Then you’ll see the Account Info page. The ‘View your recent login history’ link should be the last link under the ‘Sign-In and Security’ section.
Bubba McFeinstein // August 13th 2011
Hacked here, as well. My password was definitely not strong enough. Not sure if that matters, but I am hopeful it does. (I have changed password to something far stringer now.)
Hacker purportedly logged in with mobile phone from Peru.
Originating IP address (could be forged) indicated in headers is in Indonesia.
I am suspicious that the hack came from a mobile phone.
My suspicion is that Yahoo indicates a login came from a mobile phone based on the URL through which a user was logging in.
I further suspect that the mobile login page is the vector, the more easily cracked entry point. Perhaps it allows unlimited attempts, making brute force attack easier. perhaps it is something else. Perhaps I’m guessing wrong.
What I’m saying is that I don’t believe that the hacker used a mobile phone in Peru just because Yahoo indicates my account was logged into from a mobile phone in Peru.
AJ Kohn // August 24th 2011
Bubba,
Sorry you were hacked. And once again it’s a mobile login from half way around the world! I’m not sure exactly how they’re doing it, though you bring up some good points. I just know that mobile does seem to be the vector.
Chris // August 15th 2011
I had the same problem just today. Somebody from Venezuela hacked into my yahoo mail around 1:36am and sent out crappy emails to my contacts and some of the people on my sent list. From the looks of messages on here, yahoo should’ve fixed this by now.
Well, after 10yrs, I’ve decided to switch my personal email to gmail from yahoo. They seem alot stringent with security.
AJ Kohn // August 24th 2011
Sorry to hear about this Chris. It’s amazing that Yahoo! hasn’t figured out a way to fix this security breach. It’s clearly an issue and the comments make me believe that Gmail is picking up a lot of subscribers because of the security issue.
heather // August 18th 2011
Ahoy! I’m joining the club. Been with yahoo forever and my email was cracked yesterday from the Ukraine. I live in the US. Never been out of the country. Yahoo knows my primary locations… and did nothing.
They send out a bunch of lame emails. I caught it an hour after the fact and changed my password. My login history was “YMessenger Authentication– Ukraine”. Hmmm, I don’t have the ymessenger program installed. I had it logged off on my email when the crack happened. Odd.
What I do have is a smart phone and the mobile phone app. Never had any problem with my email being compromised till now. This is seriously making me consider gmail. It would very tedious to switch over all my associated accounts but it’s probably worth it at this point.
My password was over 10 digits with letters and numbers. Ran virus and malware scans on both computers I use: Nada. Changed password and security questions. Went into accounts to manage website and app connections. Removed ymessenger and widgets. I’m thinking of removing mobile mainly because I feel like it might be the cause. Can’t figure out how this occurred: My fiance had it happen to him a couple of months ago. Also a long time yahoo user. His password was strong, he uses a mac. No smart phone.
AJ Kohn // August 24th 2011
Welcome to the club. Misery loves company!
Sounds sadly familiar. You’re also helping to confirm that this is not about having a ‘bad’ password. It seems far more likely that there is some exploit that allows hackers to crack passwords with brute force via mobile or messenger platforms.
I maintain accounts on both Yahoo and Gmail, but made it a priority to conduct all of my business on Gmail for this reason.
Mark S // August 21st 2011
Me too. Have just been hacked after many problem-free years of Yahoo usage. The log said the hacker was from Romania.
I use a windows laptop and desktop for Yahoo browser access, plus my iPhone’s email app. Don’t use Yahoo Mobile. Have scanned both PCs with numerous anti-malware including the Kaspersky full suite, and nothing reported. My password is a series of random alpha keystrokes and a few numbers, so pretty strong.
It’s interesting, but maybe coincidental, that i was using free wifi in a bar i’ve never been to before for around an hour when the hack happened.
The Yahoo agent I ‘chatted’ to suggested it could be a dodgy URL that I may have clicked, but god knows how that could expose my credentials.
It’s worrying that no-one here so far has come close to suggesting how the hackers are doing this. I work in IT for an investment bank, so am fairly well clued up, but am still in the dark on this
AJ Kohn // August 24th 2011
Mark,
Sorry to hear this but, again, you are confirming that a ‘bad’ password is not the issue here. I also find the ‘dodgy URL’ explanation to be lame and specious. That’s not it.
I think there’s a very clear pattern here surrounding Mobile and Messenger that Yahoo! could easily investigate. In the interim, I still find it shocking that Yahoo! can’t simply employ a geographic security measure. The fact that they haven’t is revealing and sad.
ETM // August 24th 2011
Wanted to say thanks to AJ for keeping these blog comments active. Each time I read another story, I feel a little better that I didn’t screw up some how. I like consider myself pretty web savvy, so to get hacked by a spammer like this sort of had me surprised. Seems like a lot of other savvy, longtime Yahoo users are in the same boat and that reinforces to me that the vulnerability is on Yahoo’s end with signs pointing to Yahoo Mobile.
AJ Kohn // September 02nd 2011
ETM,
Thank you for the kinds words. And it’s comforting to me as well, knowing that I hadn’t done something boneheaded. The stories here all point to a vulnerability of some sort that does not, in my opinion, reside with the user. Far too often that’s the first line of customer support boiler plate. Fob it off on user error. Not so in this case.
ALM // August 30th 2011
Friends from Germany called at 4 am this morning to say they had received an email from my Yahoo account about how I had been robbed at gun point in Spain. I assured them I was safe and recently asleep in the Bay Area : )
The login activity shows the hacker is in Nigeria. I haven’t used Yahoo Mobile or Messenger and am pretty sure I’ve not clicked a “dodgy URL.” The hacker deleted all my sent email back to April, so I have no way of tracking what was sent.
Most disturbing, the hacker created a new Yahoo account that looks identical to mine except it has an extra letter. The hacker used this new account in the reply-to line of the email sent from my account. Creepy.
AJ Kohn // September 02nd 2011
ALM,
Creepy indeed! But like I found out, you’ve got good friends who were concerned for your safety. So there’s a bit of a silver lining. That said, it’s sad that this vulnerability hasn’t been addressed.
JL // August 30th 2011
Here are guidelines from Twitter if your account has been compromised. Some apply to email accounts.
https://support.twitter.com/articles/31796-my-account-has-been-compromised
I for one have completed deleted Yahoo! Mobile/Messenger from my cell phone and have signed off of Yahoo! Chat on my computer. Unfortunately you can’t disable Yahoo! Chat. All my important emails are on Gmail. Will soon be transferring all my contacts to my Gmail account. Other security measures:
Social Media Risky Default Settings:
http://thenextweb.com/socialmedia/2011/08/18/10-risky-default-settings-in-social-media-that-you-need-to-check/
How to Remove Yourself from People Search Websites:
http://www.zdnet.com/blog/violetblue/how-to-remove-yourself-from-people-search-websites/612?tag=mantle_skin;content
Seth // September 02nd 2011
I know I’m not alone here, but it’s been 2 months since I’ve been able to access my Yahoo email account which I’ve had for over 15 years. They literally will not respond to any of my inquiries concerning this. I hated to lose years worth of emails including products I’ve purchased online, etc. I’ve finally decided that it’s a lost cause so I’ve made sure to change all my other online accounts that use this email and of course minimize my usage of all Yahoo services in the future. My best advice to anyone else that has this happen is not waste any time with Yahoo support and move on to finding another email service (Gmail operates like a well-oiled machine compared to Yahoo). I still have to wonder how many customers Yahoo will lose before they start caring!
kaniska // September 05th 2011
my yahoo account hack some one he or she change my password and sequerity qiestion i use yahoo massemger and i always save my password help me
JL // September 06th 2011
Kanisha
Get in contact with Yahoo! Customer Care and tell them someone hacked into your account. If you can’t log in there is a help button at the bottom of the Yahoo! home screen. There is a “Contact Us” section on top once you get to the help page.
Once you get back in, do not save your password. Look at all the previous posts for recommendations on improved security.
JL // September 06th 2011
@Kaniska
Sorry for misspelling your name!
Will Woodlief // September 10th 2011
I used yahoo mail for 9 years, but went totally over to gmail when both my current yahoo account, and a yahoo account I had not used for over five years, both started sending out spam to people on my contact lists. The fact that I had not used the older email account suggested to me that yahoo’s computer’s somehow lost the information… something I could not prove, but my surfings on the web has raised hints to me that there was some major stealing of data from yahoo over time. Does anyone have any leads or information about this?
Karen // September 10th 2011
Our Yahoo account, which we use for a small business was hacked into yesterday morning, about 30 mins. before I logged on, all contacts are gone, all emails are gone, saw 2 log-ins from Ca. and 2 from Va., we are in NM. Spam was sent from our email saying we were robbed in Scotland, etc., the usual.
I changed the password, filed reports, etc., today I got an email for Yahoo saying my mail was restored – NOT!
Still using our other/ personal, yahoo email for the time being, seriously considering starting over with another business email account.
Has any one ever had their email or contacts restored by Yahoo?
Is gmail truly better?
Any suggestions would be greatly appreciated!
Christina // September 11th 2011
So far I have NEVER had any problem with Yahoo.
Yahoo has always been my my ‘second home’ ever since I became ‘computer conscious’ in the year 2000.
Did notice a common denominator with the hacking, tho’ – all those hacked have a mobile phone.
I have a hearing ‘deficit’ & don’t have a mobile phone.
Have been with Yahoo so long now I would find it hard to make a shift!
NS // September 11th 2011
oh my God i cant beleieve this has hapened to so many ppl! what a shame! my account said it was being accessed from australia, but when i searched for the ip address it showed india !! :S
what i dont get is – if ppl have hacked into an account how come they havent changed the password ?? which is good for me but just wondering whats the purpose of hacking!
btw my account was accesed from australia 4 times in a day !!!!!
Karen // September 12th 2011
Christina – I posted the comment above you and I don’t have a mobile phone.
Will Woodlief // September 12th 2011
My unused account that I told about above had its contact list used, but was never connected to a mobile phone.
Stone L // September 13th 2011
The Yahoo corporation business saga is playing out in the news and clearly the leadership of the company has made actual users and customers a low priority. Perhaps there is more money to be made by providing a platform that is designed to be hacked. Dont always assume that people will be doing the obvious right thing to protect their customers.
Will Woodlief // September 15th 2011
While it could be true that Yahoo did this deliberately, I would prefer to think of another scenario: corporate incompetence. In my opinion,the software and email seems sloppy, and too big to fix easily or cheaply. There can’t be that much money to make in web based email, and from my few years experience designing software, I would like to hazard a guess that it would cost far more to fix yahoo mail than the income stream coming in. Better to deal with insecure email than loose money?? Probably in the past, they started up a quick set of insecure scripts to do email, and then kept expanding it, not wanting to spend the money on fixing it….
My bet would be shoddy work on the middle management level years ago, covered up by an upper management that prefers income to fixing it. And it is hard for me to find an organized group of yahoo customers demanding change. Just a lot of burned little guys, like me.
Will Woodlief // September 15th 2011
So I guess what I meant was yahoo mail is irretrievably broken, and the Yahoo management would rather keep this thing running than shut it down. The real story to me is a lack of organized opposition to Yahoo mail, unless one exists and I do not know about it?
oscar // September 17th 2011
Thank god for this article! For over a week my address has been sending out emails to my contact list even after I tried virus scans, deleting cookies, and all the obvious solutions. I was hacked from Romania and Croatia……today alone! Hopefully taking the steps described will solve it. Its hard to believe that Yahoo isnt taking this seriously………..seriously!!
Stella // September 19th 2011
As I see I’m one of many that had their yahoo e-mail hacked first time after 13 years!! first I noticed that someone send e-mails to all my contacts, I changed password, today saw that some more e-mail were sent, I live in Greece and someone was logged by mobile by Dominican Rebublic! I tried to change my password, but when I tried to log in new password didn’t work, first security question correct, second question not correct? how is that even possible? hacker changed it? the matter is that the second e-mail that I had registered, is no longer valid and now I’m locked for 12hrs. Will I be able to access my account again? the only thing I want is to retain some friends’ e-mails and deactivate the hacked account..
Karen // September 19th 2011
To Stella –
I got my contacts back, but it wasn’t easy and it took a week.
You’ll need to call them and file a report at least once day,
866-562-7219 then go with 1- billing/accounts, it is the only option that puts you through to a human being. Insist they walk you thru the forms, and get you back into your account, they will. Do this everyday till you get a result, it took me 5 business days, I got all contacts back, but they could not retrieve my saved emails.
I switched to gmail.
Stella // September 19th 2011
Thank you Karen, it looks like yahoo is very busy with all these spamers and all those seeking assistance.. I switched to gmail as well, thankfully had no important contacts in my yahoo e-mail and right now the only thing I want is to deactivate my spamed account..friends are texting me saying “how are you? by the way you got major spam!” RIP yahoo e-mail…
bobqw // September 21st 2011
if your concerned with details on IP address location, copy and paste these login activites to notepad. it will show you all their addresses. happy securing =)
Allie // September 23rd 2011
I was hacked yesterday and wasn’t told about it until today by one of my friends who received the (creepy) email spam my account sent. I checked out the “recent activity log” and yesterday someone logged in from my mobile phone in Czech Republic (I am in California and my phone has never left my side!) This is really bad that Yahoo! didn’t catch this and I am strongly considering moving over my email service to another provider.. thoughts?
jochro // September 24th 2011
Same thing as everyone else is saying. I have had yahoo for like 15 years, and yesterday morning my email started sending out emails to everyone in my address book. If I look in my login history, there was a login the same time as the emails were sent via Yahoo Mobile from Armenia. I do have a smart phone, how do I know what has been compromised (a computer, or my phone)?
What steps should I follow beyond changing my email password (and security questions) and running virus scans on my PC?
Do I do anything to my smart phone? Delete apps? Runs scans somehow on my phone?
JL // September 25th 2011
Don’t know how much this helps, but I now have a password for my smartphone. It’s a pain having to punch it in before I call a number; better safe than sorry.
John // October 05th 2011
I’m joining the hacked ranks. After years with Yahoo (technically started with GeoCities), I decided to shift over to Gmail last year because I was concerned with security. I still use that account for fantasy sports, but now I think I’m just going to kill it completely after football season’s done. When I checked my log in activity, like everyone else, it said it was Romania, Brazil, and New Jersey. The first 2 were through messenger like everyone else’s foreign ones, but the Jersey one was mail access, which bothered me. So I’ve reset my password and I’ve reminded my contacts to pretty much ignore any email from that account.
I do wonder if this is related to Yahoo’s “improved” mail service. Before they forced everyone to switch over to the new interface, I don’t think there were as many hacked reports. Since then, it seems like it’s increased significantly.
AJ Kohn // October 05th 2011
John,
Sorry to hear you joined our club. The mail access one would freak me out as well. In what time frame did it all happen? Maybe the Jersey log in was a latter step in the process.
I’ve thought about the idea that it’s linked to the ‘improved’ mail service. There might be something there. I had already been using the beta when I was hacked so … perhaps the new service wasn’t probed well enough from a security perspective. Either way, it’s sad that Yahoo! hasn’t addressed this yet when the exploit seems rather straight forward.
John // October 05th 2011
The Jersey entry happened the last week of September (29th if I remember right), and the messenger entries happened early this morning. What’s particularly interesting to me is that the password I use is one that’s very strong and I use my user name (with the occasional, easily recognizable, variations) on quite a few sites, but I haven’t had any issues with the others being compromised so far, knock on wood. I also ran a malware check on my home desktop and there were no anomalies. And oddly enough, when I checked my virus scanner’s logs, it had run a full scan Monday night, and I hadn’t used my desktop in between then and this morning. So that’s clean.
One thing I also noticed just now, is that, on a lark, I went to log in to the Yahoo account to check the activity log. Lo and behold, my recent check in is listed as Jersey. I’m currently in Minnesota. So Yahoo’s not listing IP locations accurately. There’s still a problem with the spam emails obviously, but to me, this seems to point to holes in the messenger and mobile apps.
stephen // October 07th 2011
Anyone know if the hackers are accessing the emails, notes, etc in the account? I had some private information in my notepad and it scares me to think they’re using it.
All I did was:
– change my yahoo password
– remove Yahoo Mobile access
– added a Yahoo sign-in seal
– deleted the private notes in notepad
Anything else I should do?
Thanks
AJ Kohn // October 14th 2011
Stephen,
I don’t think that the hackers are looking for that type of private information. From what I can tell these are just ways to generate free emails and clicks with the hope that a few wind up converting. Because it’s all free, all it takes is one or two people to buy and it pays off. So, you’ve taken all the steps I would take to secure the account and I’m 99% sure your notepad information was not compromised.
Sera // October 07th 2011
I believe there is a security hole in Yahoo messenger / Mobile authentication which allows hackers to send spam emails. They don’t have the password but somehow able to trick yahoo servers. Someone sent spam emails via my wife’s yahoo account. Login history page showed “Yahoo Messenger” authentication from Malaysia and email header showed it was sent via androidmobile app. Password changed and login set to expire every day.
AJ Kohn // October 14th 2011
Sera,
Really!? Now that is very interesting and would explain why even some very effective passwords have been ‘cracked’ or how those who didn’t fall for the normal phishing attempts could have been compromised. But again we’re looking at a hole in the Messenger / Mobile platform that essentially allows a log-in without the password. In some ways, that’s worse.
Scott // October 08th 2011
Yesterday my long time trouble free Yahoo account was accessed via Yahoo messenger from Hong Kong. I live in Idaho. Several people in my address book received an email with attachments from me which I did not send. I caught the problem pretty quickly when I noticed my inbox suddenly had 10 emails in a matter of minutes. Several returned emails (old contacts). I send out a email warning everyone about the fake email and began to run some virus scan software with nothing found on my computer. I found this site and can now breath easier knowing what happened.
It seems this problem is wide spread and Yahoo should fix it!
AJ Kohn // October 14th 2011
Scott,
Yes, unfortunately you’re joining a growing group of people who have been compromised in this way. I’m certain this has nothing to do with the actions we’ve taken. It’s a problem with Yahoo security and, yes, they should fix it.
Annie Danny // October 08th 2011
I’m using yahoo mail I’m living in singapore and someone logged in from south africa never been there… I got phone calks saying all scum emails were sent from my emails … I generally check my email from iPhone but surprisingly my laptop yahoo has different they got sent the scum emails I haven’t used my laptop to check my mail for months… When I look in my sent folder I have no clue what scum is sent … It’s when I received phone calls from friends and mailer demon I figured out… Please advice is my iPhone compromised or my lap… I changed my password, and checked my primary email, changed security question , added login seal…!! Anything else?? Plz advice
AJ Kohn // October 14th 2011
Annie,
I think you’ve taken all the necessary steps at this point and that should keep you safe no matter whether you’re on the iPhone or laptop.
gary schafer // October 09th 2011
my inbox is cleaned out. at first the log says it was unknown. then multiple log ins from nigeria. this id theft made easy. yahoo is criminally irresponsible
all my contacts get begging emails” i write this with tears in my eyes………..i was robbed i need your financilllllly asistance”(sic)
i will dump this worthless bunch of fools.
then i have the awful task of transferring what few friends i have left to a new service. go broke yahoo. and do the world a favor.
AJ Kohn // October 14th 2011
Gary,
It is a shame that Yahoo seems unconcerned about this issue. I don’t blame anyone for moving to another service.
Dan Canham // October 10th 2011
Had yahoo for well over 10 years. I put up with all the spam and genuine emails from people replying to me going into spam. Today though having my UK email accessed by a mobile in turkey and spam sent to my contacts is something I can’t ignore. One person was going to give me a reference. I think it is time to leave yahoo.
AJ Kohn // October 14th 2011
Dan,
Sorry to hear you’ve joined our ranks. You provide another point in a rising tide of evidence in a gaping hole in Yahoo Mobile / Messenger. I still use Yahoo as a legacy account but the majority of my email is now conducted via Gmail.
oscar // October 10th 2011
I was hacked and posted a comment just over a month ago. After changing my password, I haven’t had anymore issues. However after doing some more digging, I have a question. Does everyone here had a mobile phone with the Android system? There is an app called “HTC LOGGERs” that stores sensitive information, including passwords according to one article, and it is supposed to be extremely easy to hack. Anyone else hear of this?
AJ Kohn // October 14th 2011
Oscar,
I haven’t heard about that app. But I don’t have Android, at least not yet.
Will Woodlief // October 10th 2011
I had an android phone, but I had two accounts hacked at the same time, one was an inactive account that I had stopped using ten years ago and even forgot about and was never on my phone. I thought inactive accounts were gone, but apparently that address book still was able to be hacked into and used to send spam. Both accounts were hacked at the same time.
M.Tolga YURTCAN // October 12th 2011
I am hacked to login from INDIA. I have android tablet and phone but I have not used yahoo in them. last login to yahoo account was mounts old. I believe they have another method.
No one // October 14th 2011
Just got hacked from Japan. Second time this year this has happened.
Sam // October 15th 2011
Somehow someone in South Korea got my yahoo credentials when I was there this past summer. They apparently started using my yahoo email account as their ID on some gaming sites and started using my name as well. They somehow got my credit card information and I started getting random charges from iTunes Luxembourg S.r.l. I called my credit card company and they sent me a new card. I subsequently changed all my passwords and thought it should be okay. Last week I got a call from my credit card company’s fraud alert department alerting me that someone was trying to make charges for Expedia and some hotel. I have no idea how they got all this information, but I have a strong suspicion it was from my sister’s mobile phone that she had just set up. From there they were able to hack my iTunes account which had my credit card information stored. So if you had your email hacked, make sure you change your passwords on all other online accounts linked to your email.
Steve // October 15th 2011
somone hacked my account from poland at 4.17am today when i was in deep sleep in Canada. s/he sent embrressing mail with virus link to all of my address book id. i changed my password. i want to block his/her ip address not to login my account again( if s/he hacked again). Yahoo has only spam mail block option but doesn’t have log in block option. can any one please help me how to block an ip address to log in my yahoo ID.
iame // October 16th 2011
I wonder what’s the point in submitting your mobile number for security reasons, if anyone who hacks your account can change the number?
Irina // October 16th 2011
Hello,
My Yahoo account was hacked today, the best part is that my contact list was so old due to the fact that I never use it or update it, that most of the emails bounced right back. That’s how I noticed it.
I changed every password I could think of, made sure that they did not set up message forwarding to their address. The location in the Yahoo log file was Jordan.
I really hate this, I feel that my privacy has been violated to an almost unbearable degree.
I’ll check the next days and weeks whether the creep has stopped messing with my account.
Michael N. // October 17th 2011
Wow – great post very useful – helped me to found out from where my Yahoo Email was hacked last Thursday: POLAND.
This is indeed very embarrassing situation – especially when you use your account for professional communication or for recruitment opportunities. Anyway, as you pointed out some people took the time to email / tweet me about it.
In the past, I have seen this happening to few friends and someone else I know got her account hacked yesterday.
Reading the numerous comments and based on own experience, this makes me seriously considering moving away to another service. Especially when ready the Yahoo could do much more then they do – very basic checks as explained.
Thanks again for the useful post and comments from readers.
Cheers,
Michael (from little Belgium)
Stella // October 17th 2011
Yeah – I can join the club. Always considered myself a diligent internet user. The hints here were great. Figured out that my account was accessed from UK mobile account. Thankfully some friends told me right away about receiving spam. I deleted all my contacts, changed my password and deleted very personal mail that i had saved. I will certainly move away from yahoo, just not sure where to?!
Good luck to everyone out there.
Allan // October 19th 2011
Yeah, Yahoo is the worst for email security. Gmail is a bit better. My startup is trying to solve this challenge and stop the hackers from getting into our web-based email accounts. One of the popular tricks hackers use to break into an account is they would do a reverse lookup on your email to get the personal info. Then they will reset your password by answering trivial questions about you.
Sera // October 20th 2011
I have another thoery. When you you login to yahoo webmail or yahoo messenger there is an option to keep you logged in or save password (messenger). login authentication information is stored in session cookies. If someone gets access to session cookie they can login without having password. It is possible to steal session cookies via webpage scripts.
To safeguard do not save password or check remember me option. Logout or exit browser when done with email.
AJ Kohn // October 24th 2011
Sera,
This is a very interesting theory. I hadn’t thought about cookie hijacking but that’s a definite possibility.
Judy C. // October 20th 2011
It does absolutely no good for me to keep changing my Yahoo password and sign in seal and security questions (which are very strong), my Yahoo login log still shows me signing in from other states, and the sign in times are the exact times that I am logging in. I am in AZ and they show either Denver, CO or MT. Yahoo customer care gives me the same canned answers and reassures me my account is secure after changing my pw and security qs and sign in seal. NOT!
Also I am not connected to chat nor is my mobile phone in anyway connected to my Yahoo account. So that is not the route.
I usually know I have been hacked when I suddenly get a message that I have been disconnected from Chat (which I do not use) because I have logged in from a remote device (not me). Or I go in and attempt to click on my personal emails that I know who they are from, and all I get is an ad opening up. When I change my password and go back in, I can then open up these emails normally.
I am not really seeing any solutions here as to what to do to stop the redirecting of my yahoo and yahoomail log in from another state. This problem persists frequently, at least 2 or 3 times a month. I just found out how to go into the login file on ymail two days ago, and then that is how I found out about the other states login. What can a person really do to fix this?
John // October 20th 2011
Judy,
I wouldn’t put too much stock into the locations of the log ins. It looks like Yahoo isn’t reporting them correctly, based on my experience I mentioned above. What seems to be the point of access is the apps connected to Yahoo (Messenger and mobile access), regardless of whether you use them or not.
I would do 2 things. First, I would take Sera’s suggestion and logout/not save your password for every log in. It’s a bit of a hassle, but I think her theory along with the holes in the apps is part of the problem. Second, I would disable any apps connected to Yahoo that you don’t use. Go to Account Info –> Manage Apps and Website Connections. That should, in theory, cut down on access to your account.
Judy // October 20th 2011
I always log out every time and i never ever save any password on any site. I will check out the disabling apps area. Thanks for the advice. It is funny how all the logs in coincide with the times I log in, and most all from Colorado. Could it be that my server is somehow hooked up to Colorado? Except that does not explain the Montana logs from two days ago.
JL // October 21st 2011
What has worked for me:
— Removed Yahoo! Messenger from the programs on my smartphone.
— Have a password for my smartphone. Yes it’s a hassle to have to use it for every call but better safe than sorry.
— Have complex Yahoo! password. My Yahoo password is so complex, every time I use it I have to refer to its written form before I type it in. It’s mostly characters. Alpha and numeric passwords are too easy to crack.
— No longer use Yahoo! for important emails.
— Have placed a fraud alert with the credit reporting agencies to protect my credit. Just this week I received a letter from a retailer that someone had tried to open an account using my name.
nic // October 25th 2011
This has now happened to me too – via messenger (a service I never use)
I didn’t have any apps enabled.
This time the login was from Uruguay! (Perhaps the hackers are just going down the alphabet of countries?)
The session cookie sounds like the most likely culprit!
Dorian // October 27th 2011
My wifes yahoo was hacked last night from the phillipeans. We only realized because of the old contacts it used caused a lot of email bounces. I can see the sent messages, 4 of them from a login at 1:26am, but can only see the sent from the yahoo webmail. They weren’t sent from our computer, thankfully. It appears sent via a mobile connection. Changed password this morning, but it’s additionally difficult as it’s linked to our at&t account since they don’t use their own email but outsourced it to yahoo.
Roberta Mary Ladieu // October 27th 2011
I didn’t have access to my yahoomail since Oct.13,I finally got a phone number for yahoo help…866-562-7219, if you want to talk to a person stay on the line, otherwise they just direct you to yahoo help site.So now I am un-easy to log in cause my security seal is not there and they said DON”T sign in unless you see your seal, so what’s a person supposed to do?Any answers will be greatly appreciated.
Pretty // October 27th 2011
I reside in Australia and my yahoo mail was hacked from POLAND too. I was notified by a known that it had happended. Yahoo was useless. I contacted their Australia direct line and a voice mail asked me to email. That was terrible, as I could not email them as I was at work and they restrict us from using personal email id’s. The hack said Yahoo Mobile when I checked my login activity.
The scam mail stating stupid websites was sent to my contact list which also included my friends from previous companies.
Yahoo in all was useless. I did read this web page and changed my password as soon as possible. Hope yahoo could do something to protect the security of their network.
Jonny // October 30th 2011
My wife’s Yahoo account was also hacked through Y! Messenger. Some were logged in from Ivory Coast, France and Malaysia. She uses an HTC phone and I’ve also been reading about an HTC security exploit on Android phones. Do a lot of people around here use HTC phones? If so it sounds like the fault might not be Yahoo’s. If a hacker can grab the password off the phone there really isn’t very much Yahoo can do about that.
berry // November 02nd 2011
Do anyone here know how to stop hacker-who can track other’s all conversations by her yahoo id( not with her password in id)?
if you know, please help me because have one-he told me he can track my all conversations with my friends..just by my yahoo messenger id.
Thanks so much with your help!
Mark // November 02nd 2011
Since this problem is happening to Hotmail, AOL and Gmail accounts as well, I suspect that most of the hacking is happening due to password re-use. Many people use the same email and password to login into different web sites. For example, if you use the same email and password combination to login to abcgreetingcards.com AND Yahoo – if abcgreetingcards.com has their user database hacked, the hackers simply try using that login info on Yahoo.
AJ Kohn // November 04th 2011
Mark,
I don’t think this is a password re-use issue. Too many accounts have been hacked with strong and unique passwords to make me believe this is just a user problem. The two leading theories in my mind are an exploit in the mobile/messenger universe or cookie hijack.
D // November 03rd 2011
add me to the list of people being hacked 1 hr ago.
when i went to sent box though there’s nothing there so mayb eit’s deleting it’s tracks.
John in MA // November 07th 2011
Yahoo account hacked a week ago..strange emails sent out to one of my friends. We compared notes yesterday and realized I had not sent out these messages. No record in the ‘sent box’ or trash. Activity log traced to an unknown IP address in US. Very specific and explicit so someone gained access and targeted a contact. Changed password. Might have been a breach via my Driod but who knows..first time this has ever happened.
Alexandros // November 11th 2011
add me to the list – I started seeing emails being sent from me to me plus my contacts… there are WAY too many people here with the same problem for this not to be a systemic issue. I noticed some binary in “my” recent messenger conversations, so the possibility of a messenger hack definitely seems plausible.
Chris // November 12th 2011
Well I am now adding my name to the list! I was hacked on my yahoo email account yesterday! nearly 9 years in of fault free problems but now this! I must say my password was not to break and yes from time to time I access my mail from a phone but hey I should be able to do that and not be hacked!
I have run a full virus check and come up with nothing! I am going to move over to g mail the only problem is I will have to transfer all my Amazon, iTunes and bank accounts which is a lot of hassle!
Djo // November 14th 2011
Also get hacked
I’m pretty sure it is related to the Yahoo Mail Android application, because it was the first time i had to store my Yahoo password to connect.
Just installed it 3 days ago … and removed it today !
Application removed, password changed, yahoo informed.
Wait&See
Tom // November 15th 2011
My account has been hacked today too.
Recent log in attempts show an IP address from Poland, Access Type Yahoo Mobile. All my contacts have been sent emails. I don’t have the yahoo mail app.
Sort it out Yahoo!
Ahuva // November 15th 2011
My account has been hacked today too!
Since my page is in Portuguese, I don’t know where to find the recent activities and check from where it was logged in.
I had friends calling the whole day, since the message in the email (very badly google translated) was calling for help and money. Very embarassing. I manage to change the password, but lost all my contacts!!!!
What do I do and how can I inform Yahoo, besides moving my account to gmail? Ahuva
.
Nigel // November 16th 2011
I am yet another person who has had yahoo account hacked!
My problem is that my account was hacked by a so called friend, he also hacked my bank accounts and stole money! In the process of hacking my account he changed all my security questions. I have been in contact with yahoo via a live agent. Unfortunately I have been unable to re-gain access to my account as I am unable to answer the changed security questions! I have explained to yahoo that these have been changed but I just get the answer of them following policy’s.
My e-mail address is important as I have contacts from all over the world and now can not contact them. Needless to say I have not been able to get any information from the so-called friend who hacked my account even after he was prosecuted for hacking my bank details and stealing money!
Any suggestions as to how I can get my account back would be gratefully received.
Thanks in advance.
Nigel.
AJ Kohn // November 17th 2011
Nigel,
Wow, that’s a hack of a different sort! Did you file a police report or anything of that nature? If you have some official document that details the crime you might be able to convince Yahoo! to take the appropriate actions.
Carla // November 16th 2011
I had my account hacked today, dont think is related to droid apps since I never used it on a mobile, yet the illegal access was from colombia and from “yahoo mobile” service, they sent spam mail to all the contacts on my address book. Not sure how they got my password but I’m doing a full scan and didnt find anything conclusive yet
Withnail // November 17th 2011
This is such a helpful piece, so can I offer my congrats to all? Really good to find this after I too joined the club this morning.
I’m in the UK and was actually online AND signed in to Yahoo this morning, when all of a sudden I get a load of “message failure” type emails in my inbox. Sure enough, I’d been hacked from the other side of the world, Sri Lanka for me. Turns out it was through my Yahoo Messenger, which I don’t even use.
Absolutely have to ask why they didn’t run in to security questions as I was both signed in here in Nottingham and have never been to Sri Lanka. My first panic was over a possible Trojan, so in comparison this is pretty tame, but I can’t help but feel a little violated.
Plenty of password changes ahead, methinks.
Bill. // November 18th 2011
This is a great thread, one of the best I could find discussing this topic. I was hijacked last week, the second time after once about two years ago. I have also received spam emails from other friends who have been hijacked for a couple years. This thread is the first info that provides clear lead to what actually has been going on.
Looking up my login activity, I found four logins over a two-day span, two listing Colombia, two listing Japan, all through Yahoo! Mobile. I do use the iPad2 mail app with Yahoo as the default mail program, rather than my work GMail account.
The good news, if you can call it that, is that Yahoo appears to have at least, kinda, sorta, addressed the problem, because I received an error message that my account login had been compromised and requiring me to reset my password. It did let me do a successful reset, and the spamming stopped.
Thanks for the info, this has been a big help.
AJ Kohn // November 18th 2011
Bill,
I’m glad the thread was helpful, am sorry to hear you’ve been compromised and very much appreciate the news that Yahoo! might be identifying these instances proactively. That would be good news, particularly since your situation mirrors those of so many others here. Thanks again and all the best.
Cait // November 19th 2011
You can close your account here
http://help.yahoo.com/kb/index?locale=en_US&page=content&y=PROD_ACCT&id=SLN2044
Teri // November 22nd 2011
Does anyone know how to actually get in touch with Yahoo? I have tried to go through Customer Care with no luck, I received a generated message. I recently ended a long term relationship and didn’t think about changing my passwords on Yahoo, Hotmail and Facebook till a few days after. Unfortunately, I think my ex-boyfriend had been “monitoring” my online activity for a while. (I’m clueless, I didn’t realize you could go to the menu and find a “saved” password until I forgot one of mine and he found it for me……my heart dropped because he basically lived with me, so I’m sure he was always in my accounts.) Anyway, I have been getting TONS of emails stating I have requested a password change/reset when I haven’t. I finally found where you could view your activity log on Yahoo and BAM! I live in IL, he lives in WI…..on Sat I was in KS and there was activity on my acct in WI….go figure!!! Is there any way to get a copy of my activity log for the past few months. I didn’t get a chance to copy the IP and now, it’s gone…..I NEED to get in touch with Yahoo customer service!!!!
Thanks!
William in Menlo Park // November 23rd 2011
Folks, this is an “inside job”. The hackers have found a backdoor into Yahoo’s servers. They are not guessing your passwords or sniffing packets on mobile networks or stealing cookies. Once they are inside the servers as super users they can do anything they want: primarily search for accounts that have juicy address books and spam those addresses with phishing mail.
They could even have installed code that runs at the time you set a new password, to record the one you just entered. But they probably don’t need to bother with that since they can fiddle all this without logging in with YOUR name/password. (Their backdoor has it’s own password.)
The culprits could either be hackers who penetrated via their own means. Or perhaps more likely: one of the hundreds of Yahoo programmers fired in layoffs was looking for a neat way to backstab the company and gave out the details on hacker nets.
Only solution: get yourself out of Yahoo-land ASAP. If you need to, maintain a minimal forwarding account to GMail. I unfortunately use Yahoo Discussion Group services, so will have to keep my account for that access. But I’ve used GMail for my primary mailboxes for years. Let’s pray this never happens to GMail.
Steve // November 23rd 2011
Well – it was interesting to find this site.
Again, a long time yahoo user for mucho years who just got hacked. Appreciate that it seems yahoo has taken a turn for the worse and there are others in the same boat I’m in.
I can not find login activity as a ATT Uverse Yahoo user. Technical support said there was no way to do that and I could find nothing in my account information. Funny that they don’t allow me to see the login activity!!
This coincidentally happened after I moved from ATT DSL Yahoo to Uverse Yahoo!!
Given the changes I did:
Ran multiple virus scan and malware tools
Changed password
Added sign-in picture at login (only applies to the device I log in from)
Deleted mobile yahoo messenger (very used it)
Given all that next step is google email since Yahoo seems uninterested in helping.
The Lone Moon // November 24th 2011
Omigawd, everyone has the same problem!
I’ve been using Yahoo since for 14 years or so too, this is the first time it happened. I got hacked from both Yahoo Messenger AND Yahoo Mobile! I’m in California but I’ve been hacked from VIETNAM, NEW YORK, KANSAS, SOUTH AFRICA and even an “UNKNOWN” — all within the same ONE MONTH!!!
I’m freaking out because I’ve been attached to this email and the sub-email within it. ~_~
Steve // November 25th 2011
Is it coincidental to all these hacks that ATT Yahoo has disabled the login activity option in my account profile!!!
tim // November 25th 2011
It’s not just the embarrassment of having to tell everyone but this hacker also deleted all my contacts and folders…That really hurt
Doug Lambert // November 26th 2011
Yesterday, 26th November a hacker completely closed down my Yahoo email and Facebook accounts saying I was in Spain, “confused” and needed money to the sum of over E$4,000. I had confirmation of this person’s actions from friends and relatives who rang me to say that this happnened. I had been trying to follow Yahoo’s plan layout to redeem my account but when you can’t even get the email account that was useless. I now have no accounts and cannot directly contact Yahoo to see what can be done now. I have lost my email account, contact addresses (yes my fault, I should have made copies of them – I did for some) as well my Facebook account. Annoyingly, it takes time to start from scratch to rebuild what I had. The email address I have submitted is for the account I have lost
AJ Kohn // November 29th 2011
Sorry to hear you’ve become another victim Doug, first of this hacker and then second to Yahoo! who seems unwilling to provide proper recourse to address these situations. Situations that seem all too common.
JB // November 27th 2011
How they got in was through a security hole in messenger that lets them remotely control the sending of email. From the Philippines. They were in and seemingly out in less than two minutes – I am guessing a bot.
I would suggest removing yahoo messenger from the yahoo email side bar for your ATT account and disabling it on the non ATT account (it cannot be removed from the non ATT account).
If your bundled / hosted email (e.g. ATT) does not have a link to your accounts resent login activity try https://api.login.yahoo.com/login/history
Steve // November 28th 2011
“If your bundled / hosted email (e.g. ATT) does not have a link to your accounts resent login activity try https://api.login.yahoo.com/login/history”
JB – yahoo has blocked my hacked userid from access to the login activity via the link you sent!!
newr // November 30th 2011
same thing here, overseas hackers used mobile settings to hack in and send spam thing is, I see tweets and updates going out with my photo/acct in foreign languages. closed my twitter but seems they may have opened up different accounts using my id, am truly concerned about this since I cannot seem to stop the stupid yahoo messenger from running on this email account and the conversation spam is ridiculous there, thinking to just close it and run from yahoo forever.
so many of my stuffs is attached, trying to figure out how best to transition and best option for next choice, this is awful ~ good luck to all having to deal with this.
newr // November 30th 2011
btw this setting proves worthless to keep out those spammers on yahoo messenger that is attached to the email service…. any more ideas?
Block all users not in my Contact List. I will not be able to send or receive messages from users not in my Contact List.
JL // November 30th 2011
When you change passwords, I recommend changing the password from another (secure) computer from a different location. Make sure you do not save your password on the computer!
I changed my password using my friend’s computer which is outside my hometown. Lately, there’s been an increase in emails to my formerly hijacked Yahoo! email account telling me that I should scan my computer using their software. Oh, the kindness of strangers!
AJ Kohn // December 01st 2011
JL,
I want to thank you for your continuing assistance to those dealing with this issue. I really appreciate your efforts and I know many others do as well.
JL // December 01st 2011
You’re welcome, AJ. The suggestion I haven’t made is the most radical–deleting my computers’ hard drive and starting over. One computer guy suggested it, another said only my email was hijacked so it did not impact my computer. In January I’m double backing up all my files, wiping my hard drive and installing everything from scratch. Ouch!
I’ve estimated it’s going to take me at least 6 months to check/delete all my Yahoo! emails. I’m eventually moving everything to Gmail and AOL.
AJ Kohn // December 01st 2011
Wow JL. That is the true nuclear option.
Susan // December 02nd 2011
Thanks AJ, so glad I found this page. I would never have known about the Recent Activity page in Yahoo mail.
Another with-yahoo-from-the-start user, now in Athens Greece. Perhaps Yahoo are trying to make their service so poor that it will well fit with other products when it is eventually bought up by Microsoft. Most of the new-improved version changes are eye candy that I am not interested in.
My account was hacked on 30th Nov, 2011, from Japan supposedly, while I was logged out. It came to my notice from a helpful friend. I discovered that my contacts had been sent an email with a supposed link which turned out to be a trojan!
Seems I came off better than many of you since I got access to my account OK and changed passwords/questions etc. without anyone deleting my contacts or mail messages.
I was hacked via Yahoo!Mobile. Don’t have it myself, nor do I have a mobile phone net connected with any such app.
Sadly I too have many old messages in my mailbox and will also now have to go through them all to see if there are any that have delicate matter in them. I have a running notification for a digital magazine subscription that arrives with both my username and password to access the mag in it. Despite my repeated complaints about this, no changes have been made to that yet. I know one mail sent from my hacked account included password/ID for something apparently.
I also use my account for work – no longer! Will have to go over to the Windows Live Mail for that (which I have been avoiding like the plague!).
A sad sad state of affairs Yahoo – What on earth are you doing?
Allan // December 03rd 2011
Sorry to hear that everyone is having this problem. I actually just got hacked in late Novemeber from Saudia Arabia, Philippines, Vietnam, Poland, and Virgina. All which accessed my account from Yahoo Mobile. I wasn’t aware that I was hacked until I began having problems logging in from my smartphone. I kept getting password/username errors when I tried to access my email from my phone. I logged in from my laptop and lo and behold yahoo had blocked my account as they suspected that my account was hacked. All I had to do was change my password. Unfortunetly my account was hacked again in less than a week. I don’t know what information was stolen from me or what these hackers did with my account but it is frightening to think that they have control of this account for ever. I strongly believe that my account was hacked from apps that are on my phone but i have no idea from which one. I dont have any games or other apps with ads. THe only app ive downloaded is a walgreens app but its hard to believe that was the cause. I just came to the conclusion that phones are not a safe way to do anything anymore. I recently heard on the news that malls were tracking peoples every move to see the trend of the stores they went into. Also just today I read somewhere that cell conversations were being tapped into. REALLY!!! It’s completely sad to see what this world is turning into. Good Luck to all of you!
IHATEHACKERS // December 03rd 2011
@JL
Don’t do that, it’s worthless. My computer crashed a few weeks ago and I had to wipe everything and reinstall windows 7 from scratch. Today, my yahoo mail got hacked, so it’s not related at all.
spammersarescum // December 04th 2011
Glad I found this website. I got an email from a good friend today stating he had received an email from me which seemed “odd”. Turned out to be spam from some rogue site in Argentina! I have since closed down my yahoo! email account and will not be returning. They really need to get this sorted, as it appears to be happening to far too many people.
IamMe // December 04th 2011
I too got hacked just the other day. Same access type via Messenger authentication, someone accessed it from Brazil!!! Got onto Yahoo support and had no joy, just script reading and i may got a virus which i have NOT, must be an inside job? i have never ever been hacked in this way before and been with yahoo 5+ years!!
andersson // December 06th 2011
Me too… At first I thought my droid tablet was the culprit, but I do not access Yahoo mail from it. It seems all these different countries cited as source of invasion are just IP spoofing. Been Y user for so long… I almost never accessed my Yahoo account directly, as it was mainly an email forwarder to Gmail. Good luck from Brazil.
andersson // December 06th 2011
By the way: My 2 computers are clean from trojans/viruses/malwares according to Avira Antivir Rescue, updated and booted from a pendrive.
JL // December 06th 2011
@IHATEHACKERS
Thanks, good to know. I was also going to wipe out my disk because a lot of websites were using my hard drive for storage. Fortunately last week when I upgraded my operating system, it looks like a lot of the the storage hogs were eliminated. I actually gained 4GB of storage when I upgraded. Now my settings do not allow websites to use my hard drive for storage.
Randy // December 06th 2011
Something just happened to me. One thought I rarly use the laptop normally just my IPOD. I do surf the web with it, plus facebook. Well you don’t need a password from the IPOD or any othe PDA (smartphone, IPAD) to access any of those accounts. I’m no Geek but with all the PDA out there how hard would it be?
I’ve changed my password for Yahoo and set up a hotmail account for facebook.
CCP // December 08th 2011
I too have been with Yahoo! since the beginning of time, and I too got hacked just yesterday at 1:01 am from Canada and from the account that I NEVER EVER use with online shopping. All of my contacts received bogus emails from “me”. I changed my password, yet emails continue to go out today from “me”. I had only checked my email on my Droid mobil app and from my ipad.
From what I’m gathering here, its more than likely from my cell?
Is that correct? Should I disable my emails from my Droid phone?
Thanks!
andersson // December 09th 2011
Security Advisory: For Yahoo Mail Users:
http://blog.escanav.com/2011/12/01/security-advisory-for-yahoo-mail-users/
Richard // December 10th 2011
My yahoo account which I have established in 1997 got hacked few months back and sent spam email to all my contacts.
Annoying as this is, I cleaned everything I could and I keep changing password almost every week. My account has not been sending spam anymore. BUT, what really puzzles me is that every two to three weeks somebody from Netherlands loggs in (as I can see at the “login activity” window) into my account.
Do I have some ticking time bomb here ? How can they find out my password if it is being constantly changed ?
SLee // December 13th 2011
I had 2 GMail accounts for over 5 years and they were hacked 2 months ago. One email I could not retrieve access to but the other I did so I decided to keep it, delete all my contacts and emails within it and monitor it after changing my password, security question and enabling the 2 step verification feature. I am not too tech-savvy so I did not know what the POP/IMAP features did so I left those on. Also, I accessed my email via phone using the mail application, which I understand now may have been a problem.
As a further precaution, I created a Yahoo! email to “ensure the safety of my professional emails”…little did I know how this provider is EVEN MORE UNSAFE…”great!”
So, I had put all this behind me, monitoring activity ever so often but overall I thought I was ok. 2 months go by and I noticed that my GMail password changed. ***Can someone explain to me how this can happen if I have the 2 step verification thing on?*** Reading all the comments above, I assume is has to do with this POP/IMAP feature which allows me to access my email though my phone…I noticed that a lot of the logins by the hacker are using IMAP, but some are also browser. So I turned those feature off yesterday after logging off of all sessions, changing my password, security question… Does anyone have any other suggestions as to what else I should deactivate or look into? The hacker is doing nothing more than being a voyeur (from what I can tell)…either that or lying in wait to use the credit card info that USED to arrive to that email.
I realize this is a mostly Yahoo! thread of posts, but I’m mentioning this since a lot of people here suggest switching to GMail…the precautions I have taken so far have been pointless.
Regarding my Yahoo! mail acct.: In reviewing the login activity, it doesn’t seem to catch every login. I have personally signed in using my phone and computer but see logins from my browser (no mobile) AND the last activity shown was weeks ago when I log in daily…does anyone know if there is a feature that the hacker might turn off to stop recording IP activity/logins?
Thanks to everyone for sharing and for the input…knowledge is power!!! 🙂
Pamela // December 13th 2011
I use Firefox, this is a Macintosh, and it happened anyway.
CK // December 13th 2011
Sadly, it is reassuring to see so many others have encountered this. My problem is I actually have the hackers email! He lives in India and says he was helping his Dad (he said his Dads account was one letter off from mine and could not remember it). He apologized and said it would not happen again. However, when I try to reset it says it will send the password to MY email, but the email is the hackers.
How on earth does this even happen? I have had Yahoo! mail for 12 years, never a problem. now it seems like really any person with some persistence can log in. The same dude has gotten into my gmail too. I can’t even get a back up as that is hacked as well.
I’m very concerned that when I send a test email (from work email) to my yahoo it kicks back as “there is no account”. !!!!!!!!!!!!!!! HUH?! 12 years of email down the drain??
Anyone else having this situation??
Victoria // December 14th 2011
I need your help!!!!!!!!!!!!!!
I have a yahoo mail. Since Sunday my recent login account information are not getting updated.
If any one knows how to solve problem please tell me.
I do not know what to do or how to fix the problem to get updated login activities.
Yahoo customer care was not much of help.
Thanks in advance.
Bill // December 14th 2011
This is Bill, who posted back in mid-November about a Yahoo hack. I just got a message from a friend tonight, whose GMail account was hacked and sent spam to his contact list. He’s a tech guy and will troubleshoot as best he can, but I noticed a couple messages up-thread about GMail problems and wanted to update the thread that it just happened to a known trusted source.
Ugh.
m h // December 15th 2011
hi m yahoo email i am sure hacked with some one my email address is gladis2020@yahoo.com
i am sure this preson ( hassanplan@yahoo.com ) hacked and block my account i can not accesses to my email he is really bother me also he hacked my Facebook too i can not accesses to my Facebook too please help me and block his account i have my count for long time age please help me thanks million
Baoli // December 15th 2011
Hi my yahoo email was hacked two months ago and I just found it two weeks ago.
I changed the password but the recent activities is not working?. I can not see my recent login records.
Mark // December 15th 2011
I’m an on-site computer repair technician. I’ve had dozens of clients that I know of where their Yahoo, Gmail, AOL or Hotmail account has been hacked, and the hacker is sending spam with vague subject lines and little or no text plus a link to a website in the body of the message.
Since this problem is happening on multiple email systems, I doubt it’s a security vulnerability with Yahoo. I think it’s largely due to password re-use. Remember all those Sony accounts that were hacked last year? The Sony hackers are likley trying the same email & password to login to email accounts. I tell my clients to NEVER USE THE SAME PASSWORD FOR DIFFERENT WEBSITES!
I’ve also had several clients who have replied to an official-looking email from Yahoo or AOL that threatens the suspension of their email account if they don’t reply with their email information including their password. Within 12 hours of replying, the phisher has sent an email to all of their contacts with a story about being in a foreign country and in need of money to get home. The phisher had also deleted the contacts and all email. I tell my clients, NEVER SEND FINANCIAL INFORMATION OR PASSWORDS OVER EMAIL, NOR TO AN UNSOLICITED TELEPHONE CALLER.
abhi // December 20th 2011
NICE one !! ,
my account logged in from JORDAN
iM in INDIA !
no wonder my friends got viagra mails
JL // January 01st 2012
Must read:
“Seven Ways to Get Yourself Hacked” from Technology Review (Published by MIT).
http://www.technologyreview.com/web/39354/?ref=rss
JL // January 02nd 2012
How to Create and Remember Strong Passwords:
http://safeandsavvy.f-secure.com/2010/03/15/how-to-create-and-remember-strong-passwords/
meridienmick // January 03rd 2012
Having been hacked last week, I tried to view the “Recent Login” details, but it stops on 24th November. I thought you all might be reassured by Yahoo’s response to my request for help. Transcript of live chat follows;
Please wait for a Yahoo! agent to respond. You are currently number 1 in the queue. Your estimated wait time is 1 minutes, 0 seconds.
You are now chatting with Summer
Your Issue ID for this chat is LTK5390798027X
Summer: Good day! Welcome to our Yahoo! Account Verification Live Chat service. I’m happy you’ve joined us.
Summer: Thank you for providing us the details of your issue.
Summer: In my understanding, you are having difficulties viewing your Recent Login activity. Am I right, Mick?
Mick Price: That is correct. I can view it up to 24th November but nothing more recent than that
Summer: Thank you for the confirmation. I apologize for any inconvenience this has caused you, and I’m glad to be of assistance.
Summer: Please provide me your Yahoo! email address having this concern.
Mick Price: (Reply deleted)
Summer: Thank you for reporting this issue.
Summer: We’re aware that recent Login Activity events for your account have not been updating recently. We’re currently working on restoring this account feature as soon as possible. Please understand that we will be unable to restore any of the missing Login Activity events for your account.
Mick Price: That’s not very helpful
Summer: I do apologize for whatever inconvenience this may have caused you.
Mick Price: Yeah, OK
Summer: Can I help you with anything else at this time?
Mick Price: I doubt it
Summer: Please be assured that I would prioritize this issue and send it to our Product Specialist Team to correct this issue as soon as possible.
Summer: Thank you for using Yahoo! Account Verification Team. If you have any other questions, please feel free to come back and chat with us at any time.
Summer: To receive a transcript of this chat, or tell us how we did today, please click the “End Chat” button on the top right of the chat window.
Summer: Thanks so much for visiting. Please be in touch any time. We’re always here!
Summer: Thanks a lot for chatting.
Summer: Bye!
Summer: Have a good one.
Thank you for contacting us. Have a great day.
Mandy // January 07th 2012
I am having the same problem with my account and my husbands account. Our last login activity shows as December 8th. I emailed yahoo and have not yet received a reply.
yhsad // January 08th 2012
@Mandy I wrote to them and YH’s response was that they are aware log in activity ends with 2011 and they are very sorry for this inconvenience but rest assured they are working on this.
I was chatting with someone today who works in electronics department and their gmail had same issue.
In addition to the password change and other precautions, I wonder if anyone has used this old trick I learned from AOL long ago to stop spam where you adjust your contact list emails to include an “x” or ” * ” at the beginning of the address to serve several areas in the event hackers get in to send spam;
your inbox will contain returned mail with invalid address alerting you to the status and this could save friends from being spammed as well as shutting down the hacker attempt on your account
The downside is time spent deleting the added keystroke when you do send out email to those contacts.
Just food for thought, there might be a way to shoot holes in this as I have been tossing it around in my mind but not yet put it to the test. I had some of the fake email addresses return to my in box when I put a vacation message up advising temp. suspension on the account, that alerted me they had tried to mess with my mail yet again. grrrrr
LUCY // January 08th 2012
I am being cyberharassed, and I believe the person harassing me was able to hack into my Yahoo account. I woke up this morning to my password changed and a large portion of my email deleted. I believe it is this person due to the specific folder that was not only wiped clean of email, but completely deleted. Thankfully I realized what had happened quickly, and Yahoo was able to restore my deleted information.
My question is…What can Yahoo do to help me catch this person? Very personal, and potentially damaging information was accessed and I feel completely violated. I follow their roundabout of help tips and have been continuously directed to check my “Recent Log In Activity”. I check there, and what help it ends on 12/8/11. I’ve read on here that Yahoo is aware of this issue and they are trying to fix it? What good does that do me right now? I am terrified this person will hack into my account and do the same thing again. I have done my best to secure my account at this point. I am unsure of what else I can do?
Fdpari // January 10th 2012
Same same here…mine though
I reset my password as soon as i received the message and it happened AGAIN. Someone changed my password AND my alternate email so now i can’t even change my password. The worst part is that my alternate email was also a yahoo account and it seems as if that has been hacked too ugghhhh…I have emailed yahoo and now i’m just praying they can allow me to log in so i can delete the whole thing.
j.r. // January 12th 2012
Yahoo mail hacked on 01/10/12 at 1:10 p.m.
I have noticed over the past couple of months that Yahoo has not been functioning properly. Yesterday was the deal breaker. After many years of email, my yahoo accounts will be closed and Yahoo will never see my IP again. Sad to see a giant wasted by the inability of the people at the top to let the site evolve and grow. Typical of U.S. enterprise today.
Hackers sent messages to everyone in my inbox. All have been warned – hopefully not too late.
gaurav // January 13th 2012
Hi my spouse’s yahoo account has been hacked by someone and he changed all the information which i saved like secret question,password,alternate email address and everything.
I want to complain against him and as well as i want to locked her account on deadly priority. Now please rply me asap.
AJ Kohn // January 13th 2012
I’m sorry to hear that Gaurav. Follow the Yahoo! Email Abuse Help link at the top of this post so you can contact Yahoo directly about your problem.
Florence // January 17th 2012
I couldn’t find the “Manage Locations” or “Location Management” page via Yahoo! help. Is it in my browser, instead?
AJ Kohn // January 19th 2012
Florence,
Here’s a shortcut link to the Manage Locations page. I hope this helps.
newgirl // January 20th 2012
Although my settings were contacts only for messenger, conversations continued to appear and my Yahoo switched back to classic after I sent the last complaint into the abuse department so I guess that was their best answer at the time, but I don’t know for sure if they did it or not. I changed the password again and wish they would fix their security breach issues.
Joe // January 20th 2012
Just found this blog as my yahoo account was recently hacked and my contacts were spammed like most of us here. Anyone know why the recent activity log under ‘Account info’ only goes back about 2 weeks? Also, I see some posters could see their hackers locations like Romania, Peru, etc. My log only shows my log in location….strange. Any ideas?
FLORENCE // January 24th 2012
@ JOE – Two guesses: you were hacked before your cusp entry of 2 weeks ago and they didn’t start spamming right away OR your hacker lives in the same geographical area as you. At the top of the page did you change “Location” to “IP Address”? If it was the same IP address then it was someone in your home or someone who had access to your network; if it was a different IP address then it was someone who lives in the same geographical area as you. Another possibility is that the hacker used an “anonymizer”. I don’t know if Yahoo! can penetrate them or not.
newgirl // January 25th 2012
@Florence, Good info on Location/IP Address selector. Never noticed the selection choice, thanks for sharing.
waldo // January 25th 2012
I have an account with yahoo and used to leave comments but I can no longer leave,and only from one computer.I am perfectly ble from other computers.Could someone or yahoo have attach something just for my computer?
Florence // January 25th 2012
@ Waldo – It sounds as though Yahoo! is targeting the computer that can no longer leave messages by the IP address. This would explain why the other computers still work. I would contact Yahoo! customer service with the computer that cannot leave messages and ask them if they are blocking that IP address for any reason. Also, Yahoo! doesn’t download anything to your computer without your permission … Yahoo! Messenger would be an example of something you would have to opt into downloading. Good luck!
JL // January 27th 2012
New York Times article, “Protecting a Cellphone Against Hackers”:
http://www.nytimes.com/2012/01/26/technology/personaltech/protecting-a-cellphone-against-hackers.html?src=rechp
Info // January 27th 2012
FWIW You can use a proxy server to make it look like your logging in from Romain or China too.
Donavon // January 27th 2012
I just got hacked from Turkey and the Philippines. 🙁
7:35 PM Yahoo! Mobile Logged In Philippines <—–
6:36 PM Browser Logged in to Mail CA, US
Yesterday 10:24 PM Browser Logged in to Mail CA, US
9:37 AM Browser Logged In CA, US
Jan 24, 2012 8:06 AM Browser Logged in to Mail CA, US
Jan 23, 2012 7:31 PM Browser Logged in to Mail CA, US
Jan 21, 2012 1:32 PM Browser Logged in to Mail CA, US
Jan 19, 2012 11:52 PM Yahoo! Mobile Logged In Turkey <——-
Heather // January 30th 2012
Here we go again. Four months later and I just got a text message from yahoo telling me that “I” tried to recover my password through my secret question. Interesting.
Unfortunately for them my secret questions are rather difficult. This is really starting to tick me off. Of course, I can’t see where the attempted log-in is coming from. No IP record. Grrrrrr.
WP // January 31st 2012
Yep, it happened to me too.. Someone from “Serbia” accessed my Yahoo account on 1/28.. They sent out some spam, but I managed to catch it a few hours later & change the password. A week or so earlier, I received an email from Zappos.com telling me that their servers were hacked and my info was “compromised”…. Some of us carry some personal info in their saved email.. So you may want to think about setting up some fraud alerts with the credit agencies. I’ll never know if they just wanted email adresses for spam, or whether they downloaded my folders to mine the old emails.
Disgruntled Yahoo User // February 03rd 2012
12:07 PM Browser Logged in to Yahoo Front Page OH, US
11:55 AM Browser Logged in to Yahoo Front Page OH, US
10:43 AM Yahoo! Mobile Logged In Vietnam <====== R U Kidding Me?!
3:34 PM Browser Logged in to Yahoo Front Page OH, US
6:44 PM Browser Logged in to Yahoo Front Page OH, US
I have the following question, hopefully somebody can answer from experience. I am switching to gmail, they offer to "connect to an existing account", should I connect to my yahoo account since its been hacked? It would be so easy to attach the 2 for the address book and message forwarding, but i will not do it if it will make my gmail account susceptible to being hacked. If anybody has any thoughts/info, I appreciate it.
Bill // February 04th 2012
Vietnam email spoofing. They have my contact list. I cannot find how to change my password in Yahoo mail classic. It’s my sbcglobal address. Since I have ATT internet and also a ATT.net address, everytime I try to stay in Yahoo/SBC to use their change password, I get kicked over to ATT and asked to sign in to my ATT.net, which does not help change the password in sbc. HELP!
If you know how to do this email me please. Keep in mind that I cannot access my sbc account even with “cant access account” feature as the hacker/phisher changed my security questions
MW // February 06th 2012
This is what happened while i was chatting to a Yahoo! Agent
info: Please wait for a Yahoo! agent to respond. You are currently number 1 in the queue. Your estimated wait time is 0 minutes, 1 seconds.
info: You are now chatting with Summer
info: Your Issue ID for this chat is LTK5390944326X
Summer: Good day! Welcome to our Yahoo! Account Verification Live Chat service. I’m happy you’ve joined us.
Summer: Thank you for providing us the details of your issue.
Summer: In my understanding, you think that your account has been compromised. Am I right, Mark?
Mark: yES. YES YOU ARE.
Summer: Thank you for the confirmation. I apologize for any inconvenience this has caused you, and I’m glad to be of assistance.
Summer: Please provide me your Yahoo! email address having this concern.
Mark: mwatson16@yahoo.co.uk
Summer: How did you know that your account was has been compromised?
Mark: I have also noticed that i keep on getting messages from people not in my contact list “Hey, do you have webcam, youre so hat i could bang you up the a$$”
Mark: I dont know, i have also been experiencing unusual Login Activity from an iPhone in my location, i have an Motorola Defy.
Summer: Thanks for the information.
Summer: If you’re seeing an IP address or Location that differs greatly from your usual IP (Internet Protocol) address, it could either mean that you’ve recently accessed your account from a different location or that someone else has accessed your account.
Mark: Okay, The iPhone’s I.P address was the exact same as my Motorola Defy.
Summer: However, it’s important to know that in some cases, mobile providers and Internet proxies may appear in your recent login history as coming from a different geographic location. This can sometimes be a different location than what you are normally based in.
Summer: As such, you may see login activity that you may feel is suspicious. However, it could still be your own login activity.
Mark: I did have an iphone though, so it might just be from there.
Summer: Yes, that’s right, Mark.
Summer: If you believe somebody is accessing your Yahoo! account without your authorization, you can try the following four steps to prevent this from happening in the future:
Summer: Sign out each time you are finished using your account.
Summer: Change your password.
Summer: We strongly recommend that you change your account password to a strong one. Easy for you to remember but difficult for the others to figure out your password.
Summer: Please make sure that your new password is difficult for other people to guess. A good password will contain a combination of uppercase and lowercase letters; numbers; and/or special characters such as %, $, and +.
Mark: Ok, thanks alot.
Summer: Lastly, We use either your alternate email address or your Security Question/Secret Answers as a method for issuing you a new password.
Summer: If you believe somebody knows the answer to your Security Questions or has access to your alternate email address, you can change this information.
Summer: You can also go to our security center to learn more about protecting your online security and Yahoo! Mail account:
Summer: http://info.yahoo.com/privacy/uk/yahoo/security/
kathy // February 06th 2012
my email address keeps getting hacked, several times over the past few months. I create a new account and within a few weeks it’s hacked. I can get into my emails but I cannot get into chat. I understand that a hacker can simply type in your account name over and over until Yahoo bans your account for a day. Even then I am unable to use past accounts to get into yahoo chat.
I want to get rid of all past accounts with Yahoo and create a new one today, but Yahoo wants a mobile phone number now. I do not have any mobile phone number and am unable to even create a new account! Advice anyone, short of abandoning Yahoo altogether?
Neba Ernest // February 07th 2012
I can not have access to my account. it shows that somebody is using the account.any time i log in they will tell me my password is not correct.what can one do with these type of people? and i don’t even know how to change my password.
Florence // February 08th 2012
@ KATHY – I would suggest using a chat client that interfaces with Yahoo! Messenger. There are several. I can’t speak for any of them. Google “Yahoo chat clients” and you’ll see that Trillian, the eighth one down, works on both your computer and phone. Good luck!
me // February 10th 2012
Hello! i was just checkin what most of the people have put out, i have many yahoo accounts, and some of them linked to each other (as been added to contacts) and some day i recived an email from some account of mine … it was spam, i think i havent been in that account for like 4 months or longer and havent had such big activity on it to make it seem interesting for spammers! it was done by somebody from poland, im from romania, and it was from a mobile device, not that i ever loged in from any mobile, and for sure my computer did not have any keyloggers, or trojans, nor do i click and log in to scam websites… yea i guess they found a way to brute force emails, i remember even that website meebo, would let you try unlimited variants of passwrods n such… they changed that now. sadly yahoo wont do anything, and there are ways. hope you all will get your problems fixed!
Ryan // February 11th 2012
In Yahoo Account info, they have a Beta secondary password required you can set. When you use a different computer, yahoo will send you a text with a confirmation code, before you can access your yahoo account on that computer. USE IT! I just turned mine on.
BOB // February 11th 2012
Why this website forum is still up and running is beyond me:
http://www.crackhackforum.com/thread-182965.html
Kris // February 13th 2012
Hi, I have been having problems with my emails that started after i got a BlackBerry about a year ago. It started with my yahoo account saying my password was changed. I thought it was my yahoo account being hacked but it didn’t send out any spam, just changed my password. I started using my AOL account and it sent out spam on that account. So then I created one then another gmail account. Both started having the problems of my password changing. Now all 4 of my accounts lock me out at the exact same date/time about once per month. I have Norton and then couldn’t help me. I’ve had Best Buy scan my computer twice and they found nothing. I was able to look up the account log in history and found two IP addresses in the US accessing my accounts at the same time. One was called AT&T Firewall something that had a fishy looking website. I believe these people are accessing my computer somehow as websites such as craigslist that remember what city you are in, have been set to other city’s where I do not live without my doing this. Additionally, my Facebook has now locked me out. Everyone keeps telling me to change my password to something difficult and to change my security questions. I have made my passwords so difficult that I have to write them down to remember and they are different for all my accounts. I even have that verification process to change my passwords but it still keeps locking me out. This weekend I changed all my passwords/security questions from another computer so we shall see if that works. However, i am still concerned someone is getting into my computer and my access my bank and other accounts. I’m at a point where i feel like I need to get a new computer. And for my Black Berry, I stopped hooking it up to all my emails months ago, and still having problems. Additionally, Best Buy suggested i factory reset my BlackBerry which I did and i did not reattach my emails too. Still I am being locked out. I have no idea where else to go for help. Help!
HSW // February 14th 2012
My ex was hacking into my email so I changed passwords and signed up for the secondary sign in. Unfortunately when I bought a new laptop and expected to be asked for the code being an unfamiliar machine, I was not. I sent help notes to Yahoo and received one note asking for clarification and then heard nothing. All of a sudden though I did start getting requests for the code, after I’d been signing in on the new laptop for 2 weeks or so. But two codes were sent at the same time, so often I’d enter the “wrong” one. sigh. Anyway, Is it usual to see tons of mobile log ons from distant states? Could they be service providers used locally? I am so confused! Also, when I check saved locations, it shows international locations I’ve never been?
JL // February 16th 2012
A post on another website regarding email hacking and how to report cyber crime.
http://eastmnweeklynews.com/2010/11/06/email-hacking-is-a-cyber-crime-my-story-and-how-to-report-cyber-crimes.html
Jeff // February 18th 2012
Here in Connecticut as in many other parts of the country the local telephone (and thus DSL provider) is AT&T who uses the Yahoo mail platform for their subscribers, so if your email address is att.net, sbc.net, snet.net, or a similar domain of any of the other former companies they have acquired, you really have a Yahoo mail account as well, so all of this applies to you.
I’ve lost count of how many of my friends, fellow church members, and business associates have had their email accounts hacked like this. It appears there are any number of easily obtained hacking programs that cut through Yahoo’s email “security” as if it was melted butter.
Are the idiots at Yahoo so stupid that nobody knows this is going on? Don’t they have any security people interested in plugging these holes? The fact that this has been going on as long as it has just boggles the mind!
I just sent my latest “stock” message back to another friend who is among the latest victims . . .
Hi Doug,
I just received an email purporting to be from you, but unless you have taken to sending out links to overseas sources for male potency drugs, I am guessing that you have joined the growing ranks of SBC / SNET / AT&T / Yahoo mail users who have had their email accounts hacked.
You will want to log into your account and change your password as soon as possible. As I tell everybody, make it a complex password containing both upper and lower case letters, numbers, and symbols as these are harder to crack.
Jeff
Jeff // February 18th 2012
A quick follow up to my last post . . .
After reading through the amazing number of posts on this board (And THANK YOU AJ for doing this!) I was inspired to send the following to the Yahoo Security team:
To: security@yahoo-inc.com
Subject: Account Hacking Software
Gentlemen –
Responding to complaints from my users about messages from Yahoo email subscribers whose accounts have been hacked is becoming a full time occupation. Some investigation has uncovered any number of internet hacking forums providing software specifically targeting email accounts on your platform. Some examples are this one: http://www.crackhackforum.com/forum-69.html with posts such as: http://www.crackhackforum.com/thread-182965.html
I have not gone so far as to try to figure out why Yahoo accounts seem to be so vulnerable to this activity, but it is becoming common knowledge that the Yahoo mail system (including the domains you host for AT&T and other providers) is becoming a growing source of UCE, exacerbated by the fact that the traffic is generated from what appear to be legitimate accounts within your domain, delivered by your mail exchangers.
This does not appear to be a corporate priority for Yahoo, but count me as among a growing number of domain administrators who are seriously considering blacklisting all email from Yahoo and the other domains hosted on your platform until something is done about the problem.
Sincerely,
Jeff+++++ M+++++
Director of Information Technology
The ++++++++++ Church of +++++++, CT
Mike // February 19th 2012
I was recently haked. Same exact issue… It happened about 2 weeks ago, so you can see that yahoo is doing nothing to address this.
What hapened was that I went to yahoo mail on my mobile phone browser. I didn’t enter any of my user info. It was previously saved from my last log-in. Immediately, I started getting undeliverable and out of office replies from my contacts. That’s when I knew I was hacked. I checked my activity log… My email was accessed from Brazil. I was in California.
What’s weird is that I was recently in Jamaica, and yahoo decided that I was hacking into my account because I was out of the country. So the one time I did access my account outside of the country, their security team caught it. Too bad it was me that was trying to access my account.
I have since deleted all my contacts, so that this will never happen again. I strongly suggest using another email provider.
Chrissy // February 21st 2012
Add me to the list…I was hacked a few days ago, and I only noticed because my gmail account is listed as a contact on my yahoo account so I was sending spam to myself! I called “customer service” for yahoo…big waste of time. They took an hour to basically tell me my computer was infected from a bad email…strange since I haven’t actually opened an email from Yahoo in quite some time. Also, McAfee scan tells me my computer is fine. They then told me they were going to transfer me to a Microsoft expert whom I would have to pay to fix my computer remotely. I “politely” refused this, then proceeded to change all my info involving the yahoo address to my gmail account and cancelled the yahoo. I didn’t see this thread until I had already cancelled it, so I didn’t get the pleasure of seeing where my account was hacked from…but after reading this, I can only imagine!
BOB // February 22nd 2012
After being hacked a couple of weeks ago, my sister’s e-mail account was also hacked today. However, she only uses Hotmail. She also admitted that she logged into her e-mail account, via her mobile, a day or two ago.
Personally, I think this may be an Android issue. I think everyone should NOT use their mobile for logging into websites. If you have done so already, either remove the accounts from your mobile and/or restore factory settings.
Gail // February 22nd 2012
OK …me too! Hacked for the first time since owning a computer umpteen years ago. Began when using a new tablet while on vacation in New Zealand. Also happened to another member of our group using a tablet. Now at home on a desktop, it continues, seemingly while I am online. I have all the symptoms of the previous writers. Seriously considering changing to Gmail, although if Android is the problem, don’t know if that will help.
Thanks everyone above! Your information has been very helpful if not comforting!
Lilsow // February 23rd 2012
Joining in with the crowd…with answers and solution suggestion
Yup I was on the flight with everyone here that magically flew to all these countries and stop just long enough for people to magically take over our accounts. Humor aside, I figured I was still in a good spot though because my brother is a certified and degree’d computer scientist. Well I was wrong but here’s what he explained. I’m sure some of you out there know this already I just haven’t seen much talk about what’s actually happening in (tech dummy) terms.
First off my issue is like most of you. Sending spam emails to everyone on my contact list, all the while having control to see my emails. Needless to say he warned me to no longer use this as a “secure means” email account. No credit card numbers, no job apps with social security numbers, no legal matters. All in all use it as a dummy account if i must. (I’m aware that this is a duh for most of you.) Next he took control trying to trace it. He tried tracing the IP’s and there’s a reason they show in random countries for most of us. It’s because they’re spoofed (another duh for some of you). Yes spoofed, apparently yahoo doesn’t have the ability, or doesn’t show us, the trace of the ‘actual’ ip address that they accessed our accounts from. The possibility is that, me being in college, there’s someone in the dorm who actually hacked my account is more likely my source. For many of you this also may be the similar case. If the wifi you connect to at Starbucks, Hotels, or other places is unsecured (duh again).
The reason you can’t change information. From what he found they (whoever ‘they’ are) have either added my account info to a spam program/website or purposely accessed and email in my account that does. The program is set to read your yahoo account page, activity. It let’s you access it and then, based on your selection, choose to allow you access or sign you out. As we all know yahoo allows you to be signed in to multiple places. Make a change in the accounts portion on one side and it requires you to re-login. That’s the loop I am/was facing. Again this is a duh for some of you but just wanted to give those that don’t understand, an answer.
The solution, though not simple, that he found. Well first like most of you he tried “yahoo customer service” yeah whatever! He explained they “lobbied”, he suggested they “lobbied, he got tired and figured out another THAT WORKED!!. Now mind you this may not work for everyone but hey I have access to my account again and if you’re just reading this and haven’t deleted your account then this may work for you. He decided that since he wasn’t getting through to them he’d just give them the annoyance he was getting from the spam being sent to my account. He took the time and found several of their “email accounts”. He changed the name that shows up on emails in the account to (-Hacked Account- Do not open this email! This account has been compromised). Yeah that’s STUPID, but it’s actually possible to change it to that, he said there was no character limit. What he did then was delete all the contacts in my address book but added the following email address
yahoo-account-services-us@cc.yahoo-inc.com
noreply@email.yahoo-inc.com
yahoo@email.yahoo-inc.com
no-reply@calendar.yahoo.com
applications@yahoo-inc.com
alerts@yahoo-inc.com
yahoo-account-services-us@cc.yahoo-inc.com
He’d hoped the spam program only email to current contacts on the account but it obviously has a database somewhere with email addy’s that it’s sent to from my account before. But it still done it’s job at adding the yahoo addys above to it’s database. What he figured was if they weren’t going to fix it then he’d just let their servers keep getting hit with the spam he was getting. I was like hey, what’s the worse they could do, delete the account. Yeah Yahoo is a big company huge servers and everything can be automated, but bandwith is bandwith. For every spam sent it would have to send an automated “message not sent” or block the message all together. But the address would still be pinged with initial message and user name. So somewhere along the 6 months he left my account like this, the obscure account name caught somebody’s or some program’s attention. Because he was contacted by yahoo claiming in so many words that my account had been ‘uncomprimised’. He then went in to try and change the password and other information and Tadaaa magic happened..it worked. Plus there were no more spams sent.
Now I know this maybe be more time than you’re willing to wait and also this could be due to the fact that he had previously discussed the issue with them (which sux to know it takes them 6 months to fix an issue like this). But it is a fix that worked for me. And I figured if enough of us in a sense ‘made’ yahoo listen to us then they’d get off there asses and really fix this problem. I’m still not foolish enough to come back to yahoo as my primary email client, it’s obvious that there’s some flaw in their system which makes them easy to attack. But I do like being able to purge the 7 years of email that I’ve saved to my new Gmail account and using Yahoo’s as a dummy for the sites that I don’t trust very much.
So if you think it’s worth your time and haven’t completely deleted your account then try my fix. LOL the funniest part about this was that he got his idea from the “occupy” groups that were going on. He simply named his fix Occupy Yahoo! lol
Hope this helps someone out there, sorry for those of you who’s time I’ve wasted.
JL // February 24th 2012
Re: Phone Security
http://www.informationweek.com/news/security/mobile/232601089
Koustav Das // February 24th 2012
I have been hacked from Nigeria. The following is what he has done :
1. Hacked my original mail id & password & changed it.
2. Hacked & changed the account information of my alternate id also
3. Opened a new account with my old id & pwd.
4. In fact this new account is a dummy account. When I am sending mails to this account, they are not coming to it. Instead these mails are going to my hacked account.
I reported to yahoo 2 days back……no reply !!!!
Carol Bishop // February 24th 2012
My hotmail and gmail accounts were hacked yesterday and a yahoo email address given as security email. It was abmodelk@yahoo.com. I do not have a yahoo account and when I changed anything it was sent to this address. Maybe yahoo can do something about this. I have turned it in to county attorney.
Angie // February 24th 2012
WOW!!
I’ve had my yahoo account for over 15 years and this has never happened to me. I did not notice my account was being hacked until I received several calls from family and friends being concerned about an email they received in which I was being robbed and held hostage in SPAIN. I did take a trip out of town the week before but it was within U.S. Could my account been hacked then? It took hours for me to change my passwords and I continue to have difficulty receiving my emails. So I am assuming my account continues to be comprised.
Dr. Din // February 24th 2012
Hi, few days before my account was hacked possibly from Spain Murcia as one of my friend sent him $1700. through Western Union. He had changed all the information exception the security questions through which I retrieved back my ID. But he had deleted all my contacts and all about 6 years stored emails and other personal data (IDs, passport photocopies, research works, etc.). He has created another ID with my information and already has robbed of $1700 from one of my friend. I applied to Yahoo for contacts and Data recovey within 24 hours but till now I did get any response.
Plz help and suggest me what to do in this scenario?
Thanx in anticipation
NIIVA // February 25th 2012
what do i do my email and facebook been hacked by A GUY NAME
Jeramy Roxas
Facebook User PLZ HELP ME
jackie Metcalf // February 27th 2012
What is this? I chose Yahoo ’cause it had been such a good mail service. Now shoud I find a different E-Mail carrier? I have blocked from Yahoo.
Nick // February 28th 2012
Hi everyone
Can I join the club please!!…been hacked from Serbia! a pretty tame email sent to all my contacts including myself (back-up/security addresses etc). On contacting “Summer” of yahoo I got a load of blurb which was clearly cut and pasted from the page I had been reading prior to my chat with “Summer”. The upshot is that yahoo don’t care nor are they going to do anything imo.
I shall join the ranks of those on the exodus away from yahoo (my very first email address as well and over 15 yo!).
To make matters worse this is the second time it’s happened – the first being from singapore! (I live in the UK). After changing all the passwords, security set-ups (as suggested by yahoo) it STILL happened again.
Yahoo are now rubbish which it pains me to say and I’m sad to leave them. Perhaps if they spend more attention to security rather than cosmetics on their email client we might not have so many problems.
Interestingly a friend of mine (Hotmail account) is complaining of the same thing so perhaps I won’t be going there!
Good luck everyone – perversely it’s nice to know I’m not the only one!
BOB // February 28th 2012
As mentioned before, this may be an issue with Android phones in general. I personally believe that this isn’t specifically a Yahoo! issue (although it would be nice if they pulled their finger out). For those who have been hacked more than once, ask yourselves if you ever logged in, via your mobiles, after the first hacking incident was resolved (or even during).
STOP USING YOUR MOBILES TO LOG INTO ANY PERSONAL ACCOUNTS!!!
Nick // February 28th 2012
@Bob – I can see your logic however just to mention that I have never ever accessed my yahoo account via a mobile device. I do use mobile devices and I do access other mail accounts but not the one hacked. I use Iphone and Ipad and have never owned an Android phone. I only access this account (until today) via Outlook and I pop the emails. Luckily for me most of the contacts on Yahoo were incredibly old and most of the emails were undelivered but some were. I have, as of today, deleted all contacts on Yahoo as it appears the hack merely accesses your contacts and sends and email “How to earn money online” and a link to a website.
I think there is something else going on here but accept mobile devices may be causing some problems.
I am really saddened by Yahoo’s lack of response and proactivity to this as it has, apparently, been going on for quite a while reading these comments.
I am not convinced that mobiles are the sole cause of this but then again I was stupid enough to trust Yahoo’s security!
Tracy // February 28th 2012
Add me to the list too. This is so stressful and I have been behind my computer all day trying to figure out what I should do. My internet provider is AT&T and the email acccount is provided by Yahoo!. I do not know if I even have an option of switching to a new email provider. I was first hacked on 1-26-12. I found your website and learned how to check my log in activity. Mexico was in the activity log for 4:56 AM, Yahoo! Mobile. Most of my contacts received the spam, so I deleted all my contacts, changed my password, and added the second sign-in verification. I thought ok, it was just a matter of time before I would experience this type of hack after being a loyal customer for many, many years. I laughed about it and felt I handled the problem. Boy! I was wrong! I was hacked again on 2-27-12 at 3:18 PM, Poland, Yahoo! Mobile. How did they do it again? I deleted all my contacts, password changed, second verification added. Today, I spent changing the passwords two or three times, printing all my folders of importance from years of emails, and deleting everything in the email account I could find. I am not a computer person, I do emails with friends and relatives, read news and surf a little. I live within 500 feet of an AT&T cell phone/communications tower, and I wonder if I could have been hacked from signals coming into my wireless equipment? What do we do? This is our privacy we are talking about and I think someone needs to be held liable for this. This is a ticking time bomb, and I wonder what else they may do besides send spam by way of our account. All I do with my phone is make and receive calls, and text a little. I would not even want to check email on it so that can not be my problem.
Nick // February 29th 2012
Sorry to hear that Tracy. Perhaps you might try using an email client like Thunderbird, Opera or Outlook and pop your emails down and use the client’s address book rather than using a browser to access your mail.
I have deleted all contacts from yahoo itself and use Outlook. On the signature for an email composed within yahoo it reads that this is a hacked email and please forward to the abuse people in yahoo. If enough of these are recieved then who knows yahoo might do something
Dianne E. // February 29th 2012
Hi all, I know this is about Yahoo but I recently had my msn account hijacked. Had to switch to another computer until I figure out what is up with the one that is compromised. Now when I log in at msn directly my email header has this message:
Do you want to use webnavigationconsulting@mail.com to help you if you forget your password?
Yes, add now No, do not add
I have heard of mail.com and have no idea why this is showing up, are they a part of Microsoft?
When I tried to log into my msn account from my other computer using the regular method a box popped up to log in and it was different, it was late and I have been out very ill so like an idiot I logged into it and when I saw it was searching through my email box I aborted and closed it out.
I have no idea how they got into my msn account, could it have been from being online or is it some compromise on the part of msn? Jeez, I went looking at UTube and found a bunch of videos from hackers how to invade msn accounts, yahoo etc. Those creeps like to keep score. I viewed a bit of one video and anyone with half a brain could follow the instructions to hack into msn accounts etc.
Several months ago I received an email from someone I knew a few years ago who was an msn person and when I asked what the get rich link was all about they said their email had been hacked. I never thought it would happen to me. I use Firefox etc. Now I am worried they have caught up with me on my new computer. My computer that got compromised now needs to be restored to factory defaults, how do these creeps do this?
Once they get into your email do they then cruise through your files and online stuff?????
Janet // March 01st 2012
Add me to the list. I’m switching from Yahoo to Gmail. My bigger problem is that Firefox and Safari (I’m on a Mac) think I’m in the Netherlands. I’ve cleared my cache, deleted history and cookies…my location settings are all correct. I can’t figure out how to go back to the US. Any ideas?
Me // March 03rd 2012
JANET – yahoo no longer allows users to change country of origin for their account despite the fact that the option is still there. I am stuck with a uk.yahoo account when I live in the US. Complained to Yahoo reps, they say “oh well”. I’m completely switched to gmail, and I’m very happy now. Screw yahoo.
JL // March 04th 2012
Another reason to have a good password on your cell phone:
“Cybercriminals target phones, Android most exposed”.
http://finance.yahoo.com/news/cybercriminals-target-phones-android-most-exposed-003516512.html
Veronica G // March 05th 2012
How does a person check their ‘View your recent login activity’ link? It would be nice to see a link or show how to get to this link. Otherwise, Yahoo can be difficult to navigate.
I’ve had my Yahoo account hacked at least 3 times. I couldn’t believe it when people told me that it had happened and kept telling me to change my password. I actually found the spam that was being sent in my “sent” folder. I was so angry! Of course, I had to apologize to people in my address when this happened. I even had one friend, jokingly say “Again, you’re sending me info on Viagra?” We are both women, so…This was embarrassing to me, as I couldn’t understand how my account was being hacked. It hasn’t happened lately, but it has NEVER happened with my Hotmail account EVER. I’ve had that account longer than the Yahoo account (more than 15 years). Yahoo needs to improve their security features and asking people to provide a mobile phone doesn’t work for me as I don’t have one. I’m one of the few people I know who doesn’t.
Brian // March 07th 2012
as noted at the beginning of this thread, use the second sign-in verification — seems to me like this is just the thing to stop these hacks dead – wish I had known about this (or Yahoo had mandated it) before – DO THIS NOW!
Dianne E. // March 07th 2012
Hi, I followed some advise and went through my contacts and put zz in front of everyone’s names. I just have to remember to remove it before sending out any emails. This way I will know if anyone is back in my email box and can’t send out stuff to my contacts.
JL // March 07th 2012
Yahoo now has a “Smart Folders” section with an inbox folder just for “Email from Contacts”. Because I used this folder first, I was able to avoid trouble when I went to the main Inbox folder and discovered a message that was said to be from Yahoo but was just a phishing attempt. By the time I clicked on the “Yahoo Account Update” , a warning had already been established that it was a phishing site.
Another thing I’ve done is placed a password on my computer. If you want to change anything, you have to type in the password.
tim // March 08th 2012
I found the trojan – Downloader.Monkif on the computer I share at work. It was causing spam from my email account.
destylechild // March 09th 2012
I had my yahoo mail hacked and have since changed my password and now i can gain access to my mail again. The hackers deleted all my contacts and sent some distressing emails to my contacts. They even diverted my emails to another address they had created, all of which I have since reversed but unfortunately there is still a problem. I can send emails out of my recovered account but I do not seem to receive emails into this account. Does anyone know what might be the problem?
JL // March 11th 2012
Speak of the devil….
Cnet forum, “E-Mail account compromised. How do I stop the spammers?”
http://forums.cnet.com/7723-6638_102-557354/e-mail-account-compromised-how-do-i-stop-the-spammers/?tag=nl.e497
Kaelinda // March 15th 2012
I have had a beef with Yahoo since 1998, when they closed down GeoCities. They bought it under false pretenses, telling everyone they were going to continue the neighborhood concept. Now they’ve shut GeoCities down permanently. They also bought and ruined webring, which was a wonderful community. You could visit site after site of subjects you were interested in and not have to search for those sites if they were in the ring. They bought egroups and are working to ruin it. They’ve bought a multitude of well-organized and well-run sites and ruined all of them. Yahoo mail is no exception.
You can’t get yahoo messenger and ‘software updates’ off your computer, even using the control panel’s ‘add and remove programs’ feature. You’ll get a message telling you that four or five parts of it can’t be removed. Once you get involved with Yahoo, it’s awfully hard to get uninvolved.
Oh – it’s true that Yahoo doesn’t support its users. As far as Yahoo is concerned, its customers are the ADVERTISERS, not the users. We’re just eyes for the ads.
san san // March 19th 2012
YAHOO turns out to be completely USELESS!!!! My email got hacked, the hacker sent to all my contact to ask for money. I couldn’t log in to my account so i couldn’t change my password. I emailed Yahoo, the response was: Yahoo doesn’t offer technical support this way, please go to Yahoo page and click ‘help’ at the bottom of the page”.
The ‘help’ does not help at all.
I ended up on this page sent by a friend. I don’t know what to do. I don’t want any of my friends to get cheated. I received so many calls and text messages from friends overseas, some thought i really had problem.
What should i do now? doesn’t Yahoo care? I will close my account altogether and will NEVER USE YAHOO any more.
Janet Ross Mays // March 21st 2012
I’ve had the same problem with no help I think I’ll contact the news media t channel 13 in Colorado Springs and tell them about his. Yahoo needs to do ore than they are. I can sign into yahoo, but the minute I hit the mail button, all I get is flashing , like a short circuit. For 5 days now. This never happened before.
AKS // March 22nd 2012
Found out my email has been hacked for the last month. I changed my password and security questions. I noticed that the hackers were logging in via mobile devices, so I logged out of Yahoo messenger in all locations. I also saw there were 2 mobile devices in my Manage Apps and Website connections, so I deleted them. Hope everything is fixed now.
Bianca // March 24th 2012
I was hacked into, to my yahoo, it seemed from Spain in August 2011, but have since got other addresses, but I have lost friends through it, ones who didnt know me well enough. I hope to make up for it eventually as I was enjoying the correspondance. I am sorry so many have had this problem and if you also have lost friends this way. I hope to find email friends from Romania, females as I have relationship, sincerely, Bianca.
Patrick // March 25th 2012
This is now the second time I have had this problem. In my case I don’t think it is all Yahoo. Last time it happened I cleared my yahoo account of all email and contacts. I use Outlook on my primary computer. I suspect it has to do with my Android phone. The only contacts I have are on there and in Gmail. I have second verification NOW on both accounts and we shall see if it helps.
Yosi // April 01st 2012
My friend got hijacked about 3 days ago.
Both facebook and yahoo account.
First was facebook. Sent message with insulted and disrespectful words to one of my friend. Tried to provoke. My password got changed also.
Second, 2 days later my yahoo mail got hijacked. Changed its password and also sent the same person an email with impolite word again.
SO, I made my point it is the same person. The one who know my password. Incase, I never share my password to anyone. I dont have any idea how they get my password.
I dont know what to do now. all my frieand contacts are there.
So sad if i have to lose them.
Fritz // April 03rd 2012
Have the same problem since today. Did all the stuff you recommended – Thanks for that!
Small hint: Passwords are VERY easily extractable from Firefox if you save them. Don’t save passwords in your browser – EVER! In my case, my facebook password was the only one in the browser, but unfortunately identical to the yahoo password… lame!
I don’t necessarily think that the breach came from Indonesia, even though it’s in my login history. IPs and locations are so easily faked! Reported it to yahoo, though.
Write one last email with that account and delete it for good! It’s a pain, but it seems the only way to really get rid of the problem.
JAS // April 05th 2012
My Yahoo account was hacked this week, twice in one night, despite me changing passwords. Both were – a drumroll please – from Yahoo Mobile, one in India, the other in Japan. Yahoo suggested I had a key logger virus, until I pointed out that (A) I use Macs and am very stringent with security and (B) if it was how come it was only my Yahoo mail that got hacked and not any of my other mail accounts or things like Amazon, Facebook etc..?
Oh and an antivirus sweep and shown my Macs to be clean.
Val // April 07th 2012
I had the same problem twice now. Both times I noticed that the problem came up right after I logged in from my Iphone. I am using 2 browsers Safari and Opera, but apparantly non of them is safe. My password hasn’t been changed by hackers but they did send out anoying emails to all my contacts.
I see only one solution – NOT to check your emails on mobile devices.
It does look like a targeted attack on yahoo users (may be even created by Google, who knows…) through holes in mobile devices. Otherwise, I don’t understand why hackers wouldn’t use these holes to collect passwords for gmail, facebook etc.
Bob Maja // April 08th 2012
has happened to to me for about 2 months now, only realized 2day when a friend of mine told me to stop emailin him all the business offers i have, luckily if it wasnt for that,would hav lost all my friends and business contacts. Changed the password hopefully that will work, also accessed via mobile in japan and poland
MICHEAL // April 10th 2012
the yahoo account i use always and which i am associated with by all and sundry has been hacked and for months now,i have not been able to access it.My username is still same but m password has been changed.I have two tests questions and the first one is confirmed true and valid but the second is termed wrong,hence i cannot access not change the security status of my box. i am have been in a bad spot ever since i cant access this account.IF someone out there can help me i will be so grateful.I am not trying to enter someone else,s account and i can prove further that the account is mine because i can easily count off most of the mails contained therein.Please help me out here. spare me that little time and energy and send to my box.Thank you
phalanges1972 // April 10th 2012
I started to actually read every single reply in this sad, sad story. After way too many of precisly the same post over and over. I too have to leave my message that yes, I too have had my Yahoo Mobile Mail account used to send SPAM from places around the globe.
I sent a help desk ticket (help HA) to Yahoo and asked how I could just lock out the Mobile mail account as it was being used for SPAM. I filled out the entire form properly and pasted in all the required info such as the header from one of the many mails.
Now I am at work most all day so I sent them my work address for a faster reply. a few days later the wife comes to me and asks why Yahoo has sent her email account notification that my Yahoo account is going to be terminated due to a breach of the TOS.
Oh just super! I ask for help and get Yahoo to finger ME as the spammer. Yeah great job Yahoo! They even tottaly ignored the WORK email i sent as further contact. Sloppy.
YES it came from my account. NO I dont even have a freaking cell phone. So I cant even freaking give the *%4#! Yahoo service cut off because they insist on a cell number to even access the Mobile Mail settings.
I am very sad that I will have to personally destroy the very first email account I ever had on the internet because of freaking cell phones. GAWD i hate cell phones!
Helen Cooper // April 10th 2012
I’m another one who has just had my Yahoo email account hacked. Again the access is from Yahoo mobile. But this is confusing me and I’m hoping someone here can help me explain this.
The way I use the account is to forward all mail to my Google account. It is my Google account which I use to log in on my mobile. I haven’t used Yahoo on any mobile device for years. So how has my account been hacked if the hackers usually do so through a mobile vulnerability? I do use the account for chat on my laptop, but again, not on my phone.
And again, shouldn’t Yahoo know I’ve never used its services outside of the UK, and haven’t been in Serbia, Romania and Canada? Especially all in the space of less than 48 hours?
Thanks all!
Nick // April 12th 2012
I saw that I had a notification when I logged into my BT Yahoo! account recently, and it took me to the recent login activity to show that there were three logins from Iceland.
Interestingly, they took place the day after I had legitimately logged in to my Y! mail from Spain using an iPAQ hx4700 with Windows Mobile 5.5 installed on it using the free WiFi in the hotel I was staying in. The e-mail client I use on the device is the cut down version of Outlook that comes with Windows Mobile, not a Y! client. The iPAQ is not a mobile phone, it doesn’t have the ability to make calls (no place for a SIM card).
It may have been coincidence that these showed up after I had legitimately logged in from Spain (I am a UK resident), but I suspect not.
I have changed my password and security question, but BT Yahoo! does not seem to offer the facility for secondary challenge information. It took a while to find my way back to the place where I could see the recent login activity (https://api.login.yahoo.com/login/history) after I initially went there from the notification of suspicious activity.
I haven’t heard from any of my contacts (yet) that they have received e-mails from me asking for money, my e-mails are all still there and no further spurious logins have occurred, so maybe I got lucky. I shall be checking frequently from now on, and urging those with sub-accounts from mine to check too and update their security information.
I wonder if my details were somehow obtained by something hanging off the free WiFi in the hotel? I suspect we will never know how this keeps happening.
Tim // April 16th 2012
I decided to just terminate my account with Yahoo. I used the account as a secondary email & in researching my problem realized that Yahoo has shit for security. For the record, I did not have my yahoo mail tied to a mobile device and still got hacked.
noralyn // April 23rd 2012
can anyone answer this pls. i have a twitter log in history in my computer . i dont have an account with twitter and never logged in in my life. the robl is its in the history of my computer and my hubby is accusing me of chatting with someone. i dont knowanything about computers. and im hurt coz im notguilty. i moved out ofthehouse with my daughter already coz i cant bear his accusations. can anybody tell me pls how that did happen?I dont have and never log in to twitter. i dont understand. pls help!
Bianca // April 25th 2012
Hello, I think it would work out better if you had email friends direct as I seek. I am still looking for friends to do it this way, just as friends to communicate and this way it should work, but there are so many asking for partners, recruitments and concerning banking and money which is spam. Is there some way we can find genuine email friends direct without this twitter and face book thing? I have only time to email short emails direct as I dont have own computer, but enjoy discussing things with other women as I am in a relationship myself, so seeking friends, anyone know how I can find the right friends too?
YOSI // April 25th 2012
NORALYN: May be someone has set you up. Or.. sorry to say, your husband set u up. He shouldnt be sp suspicious to, as you are his wife. I mean, what the heck was in his mind so he accused you? In my opinion, it is ok for u to talk someone arround the world. Seriously, i wanted to help u more in person. But unfortunately i dont have your email.
I’m sorry. I hope the situation with ur hubby gets better.
Nick // April 25th 2012
@ Noralyn. I had 3 facebook accounts and 2 twitter though I have never once even looked at facebook and/or twitter. Someone gets hold of your email address (especially easy to do if your name is part of the address like fred.smith@…) and registers you with it and becuase you’ve probably had your email hacked they can reply to the activation email or something like that. I wrote to both FB and T and complained and my bogus accounts with both were suspended after a while.
Tell you hubby that bogus FB/T accounts are rife and many people suffer with the dickheads out there who get their kicks out of hacking and pretending to be someone else.
Good luck
Dianne E. // April 25th 2012
I received a twitter account via email, think it is an msn deal since that is my email provider, I didn’t ask for one, they just assigned me one. I am sure it wasn’t a hacker just something that they are all working together to do.
After being hacked once with my msn account II now have a z in front of the names in my contact list that I don’t use often so if it happens again they will bounce back and I will know I have a problem. I looked up on utube and hackers have step by step instructions how to get into the major email providers. The computer consultant advised that I do a factory reset to get rid of the first virus/hackers implanted.
I also no longer have google alerts because he said those links can be bad so I don’t use it or click on any
I think getting a twitter account is something the email provider did, they all want you to do the FB thing etc. I was assigned one but it wasn’t from a hacker,just something they are all pushing to get people to be connected in all these social media places.
FB is a questionable place, now they want to change the laws, here is a clip that I received from some FB research:
If the Cyber Intelligence Sharing and Protection Act (CISPA) passes, companies could intercept your text messages and emails to share with each other and the government — giving the US military the power to track, control, and share almost all of your online information without the use of a warrant. They could even block access to websites, or cut off your internet connection altogether. Like SOPA (which Facebook opposed), CISPA is a major threat to internet freedom and gives the government broad power to protect big media companies at your expense.
Facebook’s opposition was instrumental in shutting down SOPA, but now Facebook is fighting FOR CISPA. That’s why we’re teaming up with our friends at Demand Progress to get Facebook to side with its users instead of military spy agencies, and in the process start a powerful, organized opposition to this dangerous bill.
Mark Zuckerberg, the founder of Facebook, has said “We can’t let poorly thought out laws get in the way of the Internet’s development.” Yet with CISPA, he is supporting a far-reaching law that could dramatically limit our freedom on the internet. CISPA strips away previous privacy laws, and by creating a broad immunity for companies against both civil and criminal liability, it robs citizens of any means of fighting back.
JL // April 28th 2012
BBC News story, “Quick fix for Hotmail password bug”.
http://www.bbc.com/news/technology-17866897
Carolyn // April 30th 2012
I just got hacked this morning at 9:15 from someone in Vietnam. I am worried, in my e-mails was a e-mail from a lender that had a attachment with my credit report on it. I have changed my password, but I think they got all my info. Is there anything I should do?
Ashley // May 01st 2012
My yahoo email has been hacked and the sec ques answer has been changed, I need to get into my acct I have impt info in that acct. I cant get a new password because the sec ques ans was changed. Help me please!There has got to be a way
mistymom // May 01st 2012
I am living a nightmare, not only was my yahoo account hacked 8-10 times over the past 5 months, I know ther person that is doing it, have the ip address and cant get yahoo to send me my login info for the past 5 months, I can only access the past week or so. The hacker got in and deleted the history. I have reported the hacker to the FTC, police and secret service, they are the ones to contact, the FTC only forwards the infor to Secret Service. There must be a funds exchange and this one got in my email, got into my ebay and paypal info, listed items for sale and of course the goods never showed but neither did the money. Pay pal was nice and on top of it, tracked the unlawful user and now I must prosecute. But I need my login history YAHOO>>>>>
Delia // May 03rd 2012
I can’t get rid of the Yahoo ‘would like to use your current location ‘ box when I try to go online. It’s been there since yesterday. If a website appears, it is frozen. Any ideas?
T // May 03rd 2012
Yahoo account hijacked, they changed the password and security questions, and also compromised the secondary email account. Was locked out after several attempts. Had no way of accessing Yahoo account except to call Yahoo directly @ (866)562-7219, Option 4. As long as you remember the answers to your original security questions, the process is fairly quick, and the lady that assisted me was very patient and helpful. The hackers were located in Nigeria. (red flag, Yahoo!)
All contacts were still there, but emails preceding the hijacking incident were all lost. I created a new secondary account with gmail just for this. Also, will be reviewing my android phone that has yahoo mail enaged, and yahoo messenger (never use). On top of that, my laptop’s password login security question was initiated the same afternoon- which only happens for multiple incorrect entries, which has never happened before (No one has access to this laptop but me). It sounds like a stretch, but is it possible someone has hijacked my entire laptop?
I’m going purchase a security program for all my devices, but I don’t know if that will help.
Kat // May 06th 2012
i am having that same problem as of now i was logged in and check the login report and noticed that it was says that i was logging in somewhere that ive not been i dont know what to do ive considering deleting my yahoo account because ive changed my password everything else it like they are still there my location is different from where im at whats up with that i dont know what to do why do people hack anyways I dont feel safe now
Cookie // May 07th 2012
My Yahoo email was hacked and I was able to see on my recent activity log that the culprits were from Columbia and Portugal. From all the comments made on this site, it seems Yahoo has a real problem. I will be considering alternatives for my email account.
Jade // May 16th 2012
Thanks for your article. My favorite yahoo email was hacked yesterday from India to send spam messages. I was alerted to it when I saw so many undeliverable messages to the email addys that were no longer in use. Your article helped me to understand quickly what had happened and how to remedy it. My password is no longer weak. I found a strong one I can remember. Hope this helps to limit such activity now.
australia // May 20th 2012
first over a period of weeks, yahoo would only allow me to access one email at a time then logged me off. Now i cant logon to yahoo at all now… Anyone have any idea’s???
fw,USA // May 23rd 2012
My email with yahoo was hacked into. I have had that address for 10 yrs.
Yahoo could care less. I have cancelled all yahoo connections.
The hackers were like in contact with each other because it was within
a short time of each other that they logged into my account. One from Serbia,
Belgium, Japan and Poland.
Needless to say, I have closed all yahoo affiliations.
DINKHEAD // May 26th 2012
BULLSHIT !! THIS IS WHOLE LOT OF CRAP TO READ !!!
NOTHING WORKS !! TO STOP SPAMMERS !!! USELESS ADVICE !!!
Jade // May 26th 2012
@ Dinckhead, It was clearly stated in the article it can happen again. Obviously you did not read it. Perhaps you are still angry from getting hacked? Or perhaps you are one, I dunno, but either way you are not very nice. Trolling is quite rude, as much as the hacking spammers.
Carlos // June 01st 2012
I can relate. Normally, I don’t check my notifications (I think that’s what that bell icon is called) and I seen my account was accessed several times by some fool in Poland. I had several-vital emails going to that account. But, with me being suspicious, I immediately terminated the account (really Yahoo, 90 days for an account to be deleted?!) and made a new account with another email service.
And as a side note, anyone notice many of these hackers’ location repeat? One from Poland, Romania and then Vietnam. And be sure to have a good security program. Kaspersky identified several trojans on my laptop in a two day period.
Don // June 06th 2012
The H-word broke into my house today (8 Jun 12) too… all emails gone, full address book gone, my ‘security seal’ gone, main email page taken over by the Arabic language. My whole email system is now their’s, under their control.. they now receive all my emails. I can log-in using my ‘newly set’ password, but they would have that as well by now; it is no longer my ‘house’ . They have stolen it. A lot more needs to be done about cyber crime around the world. But have they the capacity/know how to? Our security agencies can’t catch the lords of the people smugglers either, instead, they grant them full refugee status. All seems to have just become too hard. In my case, it is not a question of email access, via mobile, either. My mobile has never been set up for this. I, too, propose leaving Yahoo, the sooner the better. By the way, I did receive, together, 2 of the ‘official looking’ emails from Yahoo that one of the writers spoke about. I peered in at one, very quickly, but not the other. The truth of the matter is I had asked Yahoo a question about a persistent spam.. like 10-a-day .. from a Casino spammer .. a month or so ago, and had thought it may have been the answer i sought.. I’m still waiting for that! I now realize it was from the hackers, waiting for a bite. It is devastating, to lose 15+ years of research, fotos, u name it. The pigs are laughing all the way to the bank. [I was supposedly robbed of everything I possessed in London, and needed money urgently, but here I am typing on the other side of the world]. If there is anyone out there who can offer any help, I can guarantee you will be listened to intently.
Don // June 06th 2012
or is it a virus?. (perhaps from ‘123 Christmas Cards’ as a writer suggested)
allyson // June 07th 2012
i have two seldom used yahoo e-mail accounts. today i just happened to check them and was given notice that BOTH of them were accessed from toronto (i live in nj). i changed both and then checked again, and, lo and behold, the ‘suspect activity’ times were the exact times i logged in and changed passwords!!! how is this possible?? i have not linked either account to a mobile, don’t ever use chat or messenger. now that i think of it, months ago, when logging into my gmail from a library (at home, all my gmail is linked through windows mail), i got a similar notification from them, however, i did not note the time of the alleged hackings… something odd is going on here…
John // June 07th 2012
@Allyson
Yahoo’s basing their log in location by IP address, so that can be listed differently from where you are depending on where you get routed. What I would be more concerned with is HOW they access your account. Based on everyone’s experiences (and mine own from earlier in this thread), there seems to be a security issue that’s related to both the Messenger and Mobile apps. I disabled both right after I was hacked, and I haven’t received any notices from my contacts since then (even though that account is for all intents and purposes, dead).
What I would recommend to everyone that uses Yahoo is to disable any apps that you aren’t using by going to Account Info —> Manage Apps and Website connections. The less you have running, the less opportunities there are for people to hijack your account.
JL // June 08th 2012
@John
Great points. Even though I removed Yahoo! Messenger from my cell phone, I still clicked on “only accept messages from contacts” in the Messenger Options section. Go to Options|Messenger Options|Privacy|Block Users to do this. Can’t hurt to “wear a belt and suspenders.”
Also, use a password for your smartphone.
Don // June 08th 2012
Further to my notes above.. my yahoo account was compromised, accessed, copied, using the Yahoo! Go Phone technology. 5 viruses identified. This cyber crime activity apparently by an ex-security service officer. I have tried to delete all my yahoo services, but they do not do this for up to 3 months. Had given up hope of restoring emails for past 15 years+. he has sent spam emails to all in address book. Am concerned about future activity. Can Yahoo delete his Go Phone facilities?
Ray // June 10th 2012
I have 3 yahoo email accounts hacked at this time. Can’t stop them. Changed everything 3 times. I think it’s a Facebook linking thing this time. I’ll cancel Facebook to make sure as they are sharing everything and with everyone for a profit.
While the Facebook account is linked with your email you can’t stop the hacking as they are selling your information to every terrorist that wants to buy it.
anonymous // June 10th 2012
I’m back with an update about yahoo account that foreigners hacked into last fall via yahoo messenger and spammed my contact list. I do not chat on any messenger but for precaution, my settings blocked anyone not on my messenger list and my list is empty and STILL I HAD all these pending adult xrated conversations accumulated which I reported to yahoo.
I also noticed by clicking the little mail envelope top page switches classic to the new version so I have no idea what is going on. I gave no permissions to any fb applications and I do not share yh updates and blocked the yahoo profile.
Suddenly, I am getting spammed with these personal and vulgar notes (with embedded links) which appear to be from someone (unknown) claiming to have chatted with me and every few minutes piles of mail comes from vulgar recipients names that are spoofed off “facebook ” selling adult products which also have links embedded.
It is ridiculous.
Today I responded with threats to turn them over to the FTC/FCC and everyone else on the list and no matter how deep I dug to find out where to respond, they are spoofing AND getting past my filters and yahoo is doing NOTHING about any of it.
Now, there is a long delay when I type into my browser when my yahoo email is open and I no longer trust anything about it.
I’ve had this address for years and it will take me a very long time to set up new contact information but I think it’s just best to delete yahoo.
I am really sick of it, September will be a year of this junk. No one at yahoo seems to have any help, It doesn’t seem right to me but what else can you do?
3J // June 15th 2012
I was hacked yesterday. Have been with yahoo for about 10 years and no problem. In my login activity, the hacker was from Hungary. They sent emails to nearly everyone I have ever sent an email to (including ones that I have only once ever sent to). The email included a link to a blank page. I know it’s a blank page because one of friends clicked on the link thinking I had sent it.
I plan to abandon this email account.
I am very concerned that the hacker has seen my other emails which contain usernames and passwords for other sites. Some very important ones with personal information.
Could the hacker have seen these? I have changed the password and where possible, the email address registered with all my accounts. I’m scared.
brenda cress // June 18th 2012
I Just got hacked from someone in Romania, Thanks a lot Yahoo. I agree it shouldn’t be so easy for someone to get into my account!!GOODBYE YAHOO!! I am going to Gmail where it is more secure!!
anne // June 20th 2012
I am also hacked from Romania.. OMG!!
bitingdust // June 21st 2012
Hacked from Mexico – login within a minute from my login in Virginia!
CMM // June 22nd 2012
I’ve been with YahooMail at least a decade, but was hacked today from SPAIN. Every person in my email contact list received a link for some weight loss product ~ WHAT an EMBARRASSMENT and HEADACHE!!! I got responses from people I haven’t heard from in YEARS. Several even wanted to know if the produce is really any good.
REEEEEEEEEALLLLLLLYYYY PEOPLE!?!??!?!?!
LOL
Thanks for this great site. LOTS of valuable info here.
debbie // June 24th 2012
Hacked yesterday from:
via Browser: France
via Y messenger from Turkey.
will be deleting yahoo email service…..ugh.
mleka // June 24th 2012
OK people! Stop! Please!
If your Yahoo! Mail was sending some spam to your contact list friends it is your own fault (troyans, virus and other Windows OS (I guess) related problems).
Regarding “strange” locations…
Go to ‘Recent Login Activity’, change column ‘Location’ to ‘IP Address’ and copy paste that “strange” location IP Address here:
http://www.ip-adress.com/ip_tracer/
You will see in the results below that nobody hacked you and that your mail or messengers logs are all from the same country. Why is this happening you need to ask Yahoo but as someone said, that is not their top priority problem…
I hope nobody deleted his own Yahoo account. 🙂
—
Sleep calm and Best Regards from Serbia/Croatia!
(on Yahoo Mail since 1998)
AJ Kohn // June 24th 2012
I believe there’s a fair amount of evidence to the contrary mleka. Could someone who has recently been hacked check to see if the IP Address matches the City/Country for Recent Login Activity.
CMM // June 24th 2012
MLEKA ~ I took your advice and entered the IP into your tracer link and came up with the following result. It says Spain, and I live in Florida. If my computer wasn’t accessed from Spain, via Yahoo’s breach, NOT mine, what it is called besides hacking? It’s not a facetions question, I’d really like to better understand what happened here. There was no malware, trojan, or otherwise on my computer.
IP address [?]: 84.78.200.235 [Whois] [Reverse IP]
IP country code: ES
IP address country: Spain
IP address state: Cataluna
IP address city: Castelldefels
IP address latitude: 41.2777
IP address longitude: 1.9688
ISP of this IP [?]: France Telecom Espana S.A
Organization: Ya.com Internet Factory
Local time in Spain: 2012-06-25 04:59
CMM // June 24th 2012
Oh good grief … It’s not a FACETIOUS question.
HAHAHAHHAHAHAHAHAHHAHA
Eh, it’s not a facetions one either~:D
mleka // June 24th 2012
@CMM So strange. In my log I see Sweden, Croatia and Netherland. ATM im in Croatia. When I trace IP – I got: Croatia, Croatia and Croatia, so everything is fine.
CMM // June 25th 2012
Okay, in the for-what-it’s-worth category, this is what I got on this situation from my computer person:
“Technically, you weren’t hacked. Your computer was never accessed. What was compromised was Yahoo. And I say compromised because we don’t know how the person in Spain got your account information. Highly unlikely that it was from you because you’re on a mac and take good precautions to avoid phishing type things.
Yahoo itself was compromised and this isn’t the first time. Are people hacking their user database? Maybe. Is an employee at Yahoo selling it? Maybe. We don’t know and can’t tell from the information you have.
But changing your password protected you from whoever now has the Yahoo account info. At least until the next batch of account information is hacked or sold.
I’ve read about this happening multiple times to Yahoo, and they don’t admit or take responsibility for it.”
Eduardo // June 26th 2012
This has been the most helpful post on the problem of Yahoo Mail hacking. Thank you AJ!
Quick suggestion to all on how we can be even more helpful to each other. If each person provides the following data, it might be easier to establish a pattern, an understanding of the cause, and the solution(s).
1) Forensic questions, followed by answers in all-caps (my answers are below):
– Did you have Yahoo Mobile app on your smart phone? YES
– Did you have a strong password? YES
– Have you detected any malware/viruses? NO
– Have you used public computers with browsers? YES, LIBRARY COMPUTERS
– Is it possible you entered your password in a phishing site? DON’T THINK SO
– Was your email account tampered with (emails deleted, settings changed: vacation response, mail forwarded, security questions, authentication email address, cell phone number, etc.)? NO
– Were the spam mails asking for money, or just sent annoying links? JUST ANNOYING LINKS
– Where were your hacks from, recognizing that these may be spoofed IP addresses/locations (Account Info > Sign-In and Security > View your recent sign-in activity [Yahoo only keeps your last 20 sign-ins, so take a screen cap of both the locations and IP addresses])? SERBIA, THAILAND, ALGERIA
– Where was the spam email sent from? AUSTRALIA (CLEARLY A FAKE IP ADDRESS)
2) What have you done to resolve this?
– Deleted Yahoo Mobile app from my phone
– Removed Yahoo Mobile from settings (Account Info > Sign-In and Security > Manage Apps and Website Connections)
– Changed sign-in settings (Account Info > Sign-In and Security > Change sign-in settings > Sign me out every: one day [changed from 2 weeks])
– Established second sign-in verification (Account Info > Sign-In and Security > Set Up Your Second Sign-in Verification)
– Removed any other connected accounts (Account Info > Sign-In and Security > Manage other accounts to sign in)
– Created a sign-in seal (Account Info > Sign-In and Security > Create a sign-in seal)
– Changed password
– Shut down Messenger (Options > Messenger Options > Privacy > change to “Block all users not in my Contact List. I will not be able to send or receive messages from users not in my Contact List”)
3) What theories do you think might have caused this?
– Yahoo Mobile app has a hole that allows access to contacts without requiring password. I THINK THIS IS MOST LIKELY MY PROBLEM
– “Cookie hijacking” (see comment above “If someone gets access to session cookie they can login without having password. It is possible to steal session cookies via webpage scripts.”) MAYBE
– Passwords divulged through phishing sites DON’T THINK SO
– Yahoo Messenger I DON’T USE IT
– Virus/malware NO
– Other theories?
– Links to other websites that address this problem?
4) How we can get Yahoo to fix this?
– Don’t allow access from different geographic locations without confirmation (this is insane that Yahoo can’t prevent this!)
– Yahoo should immediately send an alert email if your account is accessed from a far-away location!
– Yahoo should investigate how information is accessed during hacking access. (Are bots/non-humans collecting email addresses?)
– How can we contact Yahoo to get satisfaction?
mleka // June 26th 2012
After you get all forensic data send them to: horatio@csi-miami.gov and wait for his responce.
🙂
CarterArts // June 28th 2012
Had this same problem, although mine was logged into in Malaysia, on a Browser… It attempted to send an email 3 times (as far as I’m aware), but I have an inbox with 3 failed message reports. No idea if these are even real either… MAILER-DAEMON@yahoo.com??? Is it real? If so, then I suppose the hacker failed miserably in his attempts… My main worry is, I use the same password on a lot of things, so do the hackers actually know it, or what?
sajid hussain // July 09th 2012
I got a message from Yahoo saying my e-mail account had been hacked and that I should change my password, which I did. Now I get a pop-up which says my browser cannot confirm my certificate. When I log on to my e-mail account everything seems to work as normal, except that the web address does not start with yahoo. I went to the Yahoo security site (sites actually, they are kind of a maze) and told them of the problem twice. The first time I was told they would get back to me within 24 hours. The second time I bypassed e-mail and went through their home page with a description of the problem. I got a long e-mail back that gave me some canned answers and asked me to click on from a list of other possible problems and to provide all my personal and password info. Obviously, no one at Yahoo is dealing with this problem yet.
DAN RAU // July 30th 2012
Hi there! 🙂
Let me share my story:
On Saturday morning I have been informed (by Yahoo Mail – Recent Log Activity), that on Friday evening, my mail has been accessed from a country that is different from the one that I set in My Location settings. The country (from which I never logged on) is Iceland (my default one is: Romania).
So today again -> yesterday (Sunday) my mail was accessed again from Iceland.
So w… is happening!
I change my password, secret question and secret answer from Yahoo.
But today I tried something: I logged on from my mobile phone device into the Yahoo mail and after that checked on Recent Log Activity … and what I found was surprising in fact. The activity that it was done from my mobile phone device is logged like it was done from Iceland – so every time I’m trying to log in from mobile it seeing me like came in from Iceland not Romania.
:)))))
Funnny! Ha?! :))))
Sorry! I couldn’t help my self 🙂 😀
Kwame // July 31st 2012
Hi all,
It’s very funny that ONE WHOLE YEAR after people like AJ and Paula have complained about how Yahoo can’t seem to use comparisons between a user’s location history and activity log to figure out that an email has been hacked, Yahoo seems to have done NOTHING about it.
My mum’s been hacked three times in the past week. Her activity log shows several logins from Nigeria and CA-US: some of the gaps between login-times from these locations are only possible if one can teleport! Moreover, she does not even live or work in either o these locations.
Unfortunately, the attacks proved lethal- the scammer sent messages to my mum’s contacts, explaining that she “was stranded, and needed a loan”. Very embarrassing. Already, some close friends have lost 1000’s of Euros to this.
I am glad I can register my disappointment in Yahoo here. Thanks for your article, AJ.
mleka // August 01st 2012
dan rau, that is exactly what i tried to explain to this “engeneers” here… but, no use… :))
Christy S. // August 06th 2012
I ended up closing my Yahoo account – and will not go back – because of my recent (today) hacking.
They sent crap to my CO-WORKERS. NOT acceptable AT ALL!!
mleka // August 06th 2012
@Christy S. Hahahaha! That is because you have trojan, not because u was hacked. Changing your pass will do the work. But, closing account is much better, less noobs on yahoo.
:)))
AJ Kohn // August 06th 2012
mleka,
Please keep it civil. This is not a forum to attack others. Thank you.
mleka // August 06th 2012
kk.
Tom Kummer // August 07th 2012
My AT&T Yahoo email is being forwarded to all my contact list and I keep getting
a message back that the (mail could not be delivered).. I normally only send to eight people regularly.. The messages that I get back are not mine.How can I fix this problem?
t-kummer@sbcglobal.net
Dovile // August 26th 2012
I had exactly the same problem with my Yahoo account – some @&%hole from Japan hacked my account with Y!Messenger (I wonder how it was possible, as I never use YM and I’m always set to off-line?) and sent spam to everyone on my address book. Luckily, I’ve got only 5 or so addresses there. I only noticed the problem as I got bounced undelivered emails messages. Of course, I changed my password asap, but why didn’t Yahoo asked the spammer my questions? I’ve never logged in anywhere outside Lithuania!
I think Yahoo could solve this hacking problem very easily with just adding to YahooMail an optional setting where you could choose never to allow a log-in from anywhere outside your preferred location. A lot of users never or rarely travel abroad, and the spammers would never be allowed to log in, even if they had the correct password.
Ishwer // September 02nd 2012
Hello all,
I was on vacation this summer in india and where my yahoo email was hacked through bluetooth. This e mail I used for my business and on 23rd july my account was hacked.
The hacker sent an e mail to all my contacts saying that I lost my money and all my credit cards so i need money immidiately.
Please contact me on this e mail which was alternative email in my account.
I checked in my e mail and found that the my e mail account was first used by VSNL Hydrabad and next day in Negiria again in Negiria and then in Amsterdam.
I have got the ip addresses where ever my account was used.
Can any one tell me how to find the hacker.
Or how can i get the help from yahoo, It was a yahoo account.
Please help me.
Thanks
Brittney // September 19th 2012
My question is this… I got hacked last night and the emails were sent around 3:30am. When I go to my account activity, the last logins say 12:09am (accurate) and 8:19am (also accurate.) Nothing in between. No account access other than from SC. All the same ip address.
How can my account have been hacked and NO information show up? I am extremely concerned about this! I live in a dorm at my college. Could someone near me hack into my phone/ipod and do this?
Travis // September 20th 2012
Thas weird i also got hacked same day and i live in sc and have a iphone now i changed my password but i still cant get my mail on phone it wont let me sign in but i can sign i now on comp with new pass
Randy // September 25th 2012
My yahoo email was hacked on 9/21. I found out by getting returned messages. The hacker shows to be from Austria. Getting answers from Yahoo is horrible. They take forever to respond and the responses are typical canned responses. My concern was how long they were in the account. Could they tell me what folders, if any were accessed? Of course, they could not. Has anyone had any ID theft issues from this nonsense?
Virgilio S. Clavel // October 07th 2012
Complaint dated October 5, 2012
Dear Yahoo. My previous FB account had been compromised. For months I had not been using it. I suspect the hacker could be from one of the 3 internet cafes I frequented during the previous months from late 2011 to this date. I forgot my password already and I had been using one of my alternate FB accounts.
JUst an hour ago I saw that someone was using the FB verclavel_14@yahoo.com. I can provide details why this FB account name was selected. Reason, there are symbolism and traces to my professional and academic life. So I can validate with few questions if indeed this FB account was truly compromised. Possible reason was my change of cellphone number two to three times. And perhaps the number I put as point of contact on this account was already different than I have at present.
I have some important articles or files on this account which I need as of this moment. Perhaps, the hacker, if you may call it, was interested on those series of articles.
Hope, you can help me out. One way O can contribute in foiling such possible is by sending me 3-4 messages posted on this email address during the past six months. I know quite well of syntax and I could figure out if such messages belong to me. God bless. In my communication, I use the title — MPM, one entrypoint of interrogation to determine if indeed other messages posted on same FB account came from me.
hakeem iqbal // October 07th 2012
my yahoo not instaling open my yahoo
jerry // November 08th 2012
How do I get my contact list back and all of the folders?
Terry // November 12th 2012
Just had spam sent to all of my contacts then discovered that someone from China logged in this morning – my location is Switzerland !!
Very annoying – have just changed my password but cannot use the mobile confirmation service as this is not yet offered for my location.
Hope this doesn’t happen again anytime soon.
zaricuffs // December 05th 2012
My Account Rogers has been cancelled not bill paymant password
i am not still use original Yahoo! ID to access personal information
Click “Continue” Using for Unlink Original Id
Show Me : “”Sorry we can not process your request at this time, please try again later.””
Who Unlink Or Delete Payment Plan ?? (im noting password paymant)
Please Help Me For Back Account Yahoo Id
Thanks
“”My Account Rogers Hi-Speed Internet service because your account has been cancelled who not unlink Rogers Our Back original Yahoo! ID to access personal information who help me””
Wanda Foster // December 10th 2012
I can’t get into one of my sbcglobal.net e-mail accounts. I my changed my password on AT&T and complained because I could use still use my old password and my new password to get into the account. AT&T wanted the new password, but SBCglobal.net still wanted old one. After this complaint, they shut me out completely and I can’t get support needed to get back in.
Jsmith // January 06th 2013
Thanks for your post. I was hacked from Serbia yesterday (thanks for letting me know how to find that out!). Luckily I didn’t lose control of my email, but I did spam half the earth. I’ve got a pretty strong password and have changed it.
Patrick // January 13th 2013
I am currently being mailed by yahoo on a daily basis with the standard automatic email used to notify a user about password recovery via secret question. It basically means that every single day, someone has my email in some database and is trying to “guess” my answers. I mailed yahoo help center days ago and got no reply. I think it’s beyond idiotic that my only lvl of protection in regard to the data I might hold on my email account is given by password strength and 2 questions. I have changed my password and security questions. The security questions and answers themselves are unguessable unless you are a government agency :-L. Still, and I must emphasize this, it is MORONIC and DISRESPECTFUL that I cannot protect my personal data from complete and most likely ill intended individuals in any other way. I also wanted to move my personal stuff to GMAIL but I was unable to import from Yahoo, because, as far as I have read, Yahoo does not permit Gmail to import for what I find to be obvious reasons and all out FEAR of client migration. At the same time, to me this seems as if I have 2 options given by Yahoo: delete account and data OR wait to be hacked, as my stuff is prisoner to Yahoo and their lack of basic security protocols. I also must say that I myself am from Romania and the beta mobile token sign-in security measure does not cover my country (Google does:”>). I know, some people might say: “hey, it’s a free email service, what do you expect!”, well, what I expect is at least giving me another option to back up my sensitive and personal data contained within the email. Today changing an email address can create more hassle than changing your mobile number! It means, updates to so many places, starting with work, universities, banks, clients, other contacts, forums, etcetc. To be honest I was shocked to see that on password recovery you get frighteningly large amounts of hints and other data such as recovery email account log-in names! 😐 HOW in the world can you give out such a HUGE chunk of hack gold info just in a bunch of clicks?!!!!! I am considering migrating my stuff from Yahoo for good since these things never bothered me until now.
Anyway, take care and good luck! 🙂
(P.S. I use “smurf” accounts when writing on blogs, forums and such.)
Tom // January 24th 2013
Just happened to me — Yahoo Mobile was accessed by someone in Georgia (I live in Virginia).
11:44 PM Browser Mail Access GA, US
11:44 PM Yahoo! Mobile Logged In GA, US
I just turned on ‘Second Sign In’, but obviously it’s too late!
James // January 28th 2013
Hacked this morning from Germany and then another UK location. The e-mail message sent to all of my contacts said I was stranded in Limassol, Cyprus with passport and possessions stolen, then asking folks to help. Same thing happened to a friend 10 days ago. All Contacts and e-mails have been deleted from Yahoo account.
Fanan // January 28th 2013
Had a horrifying experience with my hacked yahoo email this morning. Email sent to all my contacts informing them that I was robbed along with my entire family at some Resort in a City I last visited over 6 years ago. The email ended with a request for assistance. Its embarrassing, to say the least. Right now, I have recovered my email but cant receive any mails. I can only send emails. Completely lost as to what steps to take so I can start receiving emails…
AnnoyedNewYorker // February 01st 2013
FANAN, check your trash folder. I had the same just thing happen to me and the hacker and diverted all my incoming emails to the trash folder (also deleted all my contacts). Check out the little GEAR icon on the upper right corner of Yahoo! mail/mail options/filter. If you find a filter, delete it. Also, send an email to yourself and see what the name is on the message. My hacker had changed my name to “Yahoo!.” You can find this also in mail options/mail accounts/sending name. Check here also to make sure they haven’t changed the sending address. Also check your profile and make sure the hacker hasn’t added an email to your profile. Now my Iphone can send emails.
Good Luck.
Ed // February 03rd 2013
This is the second time in a year that this has happened to me. I already had second sign in verification enabled but that obviously didn’t help. Like with everybody else, the entry point was “Yahoo! Mobile”, this time from South Carolina (I’m in AZ).
This is getting tiresome.
Steve Rock // February 04th 2013
Yahoo is still allowing hackers to brute force passwords via the Mobile! app. I had my account hacked into this weekend. The Login history shows access from PA, USA via the Mobile! app. All they did was send email to my three or four contacts, one of which was a secondary address that I use. That is how I was alerted. I have now disabled Mobile! from my Yahoo allowed apps, and also turned on ‘second sign in’ – changed passwords etc. What a joke that Yahoo doesn’t explain why this is still happening 3 years later…
madashell // February 05th 2013
I’ve been hacked too, and i just called yahoo about it. They told me the hackers were in my computer and I have to pay them to get them out and protect me for 1 year 149.99, theres a higher price for 3 years and 5 years…I have to pay them to fix what they let happen.
Cash // February 05th 2013
I think I’ve been hacked because the emails that went out to my contact list were not from me. Issue is that I can’t get back into my yahoo email. When I try to login the system says it does not recognize my device. I was logged in yesterday on the same device and it worked fine. Plus, I never check the “remember me on this computer” option. The security question presented is not mine and trying to get around it is impossible as all avenues seem to lead back to me having to put in the same info that leads to the bogus security question. I’ve read other blogs that state there is a “this is not my security question” option but that does not show up on the security question page. Any suggestions on what to do next would be most appreciated!
Mitchell Earl // February 07th 2013
Yahoo is lying about your computers getting hacked. With some exceptions, the reason this is so widespread is because Yahoo’s authentication servers are getting hacked and customer’s email accounts are being stolen from the source, not your computer.
I just wonder how long it will be before Yahoo is forced to admit this. It’s been going on for 2 years.
Peter // February 10th 2013
My yahoo account just got hacked. I received a notification from Yahoo that a login was suspicious, so I checked the login log and someone had logged in twice some hours ago from Peru, which I’ve never visited, via Yahoo mobile, which I’ve never used. I haven’t even set a mobile phone number for Yahoo to contact me. My conclusion is that there exists a vulnerability in Yahoo mobile that allows attackers to log in to any account they want, because my password is not easy to guess.
Rob // February 12th 2013
Discovered I’d been hacked yesterday.. Logons from Pakistan, Germany and Mongolia within 3 hours.. Only thing that alerted me to the hack was a returned email reply..
Changed my password, and deleted my contact list, even though it was only 3 people..
Very poor Yahoo.. Has no computer organisation contacted the media about these hacking attempts, and warned online mail users about securing their passwords. If you search Yahoo you can find simple email cracking software available, that brute force email accounts. There has to be a way to stop this.
Iris // February 14th 2013
Thank you everyone for all the information. I was hacked yesterday and am still trying to figure out how it happened. There were many nice people who called or e-mailed me about “the strange e-mail”. No, I was not in Manila and did not ask for money. My contact list is gone but probably needed to be cleaned out anyways.
Thank you again for the suggestions to prevent it from happening again.
Carol // February 19th 2013
Thank you so much for posting this. I woke up with loads of emails saying that the email was not sent I checked it and all those were sent at 1am while I was asleep. Made me panic so badly… Till I checked the recent sign in locations and found that I was hacked by people in Sudan.
janetafl // February 21st 2013
I just was hacked AGAIN today. This is the fourth time at least, and I’m so tired of this. I’m in Florida and this time it was from PA, USA and Korea each accessing it a number of time today. They sent an email that even went to my boss, that is so embarrassing. Changing my password only seems to hold them off for a while then they are back at it. They send stupid emails with dangerous links. They used to send to my contact list, so I deleted it completely and turned off the auto add feature, so no contacts. Now they seem to just select email addresses from the emails in my inbox. I give up. I am going to switch to another mail service. One that takes better care of their customers privacy and safety. Good bye and good riddance Yahoo!
Ken // February 22nd 2013
I have to agree with Michell Earl about Yahoo’s authentication servers getting hacked. This particular problem is widespread on Yahoo and it is not on Gmail so it is clearly happening at the source. Yahoo could do a better job but apparently they are more interested in redesigning their home page. I have no reason to visit Yahoo once I close my Yahoo email so I think that they will lose more customers by this problem than by any clever web page redesign would ever hope to gain.
Sorry Yahoo but you really blew it.
Cheyenne // February 22nd 2013
Just got hacked by someone in Budapest Hungary (I have their IP address now) so I had to change my password and when I did it said I should update my Mobile! app. I do not own a mobile/cell phone or any other device that is mobile. Yahoo is my secondary email and if I have to, I will close out the account all together. This is pathetic at most. And I might add this is the second time it has happened to me via Yahoo.
Gerry // February 23rd 2013
I’ve been hacked too and even though my Yahoo Contacts page is always empty, they spammed everybody I ever emailed with that particular account. That is, all the contacts found in the “To” fields of every email found in the “Sent” folder. Fortunately, I only used this account for non-important correspondence…
Since they didn’t change anything, I still have access to my account (and I immediately changed my password and removed “Yahoo! Mobile” from the authorized apps).
But, I have a question…
Does removing “Yahoo! Mobile” from the authorized Apps will stop this particular type of hacking forever?
By the way, for the curious, here’s how to remove “Yahoo! Mobile” from the authorized Apps (but it only works if you currently have access to your account)…
1.- Sign in to Yahoo!
2.- Hover on “Hi, Your Name” on the top right corner to get to “Account Info” (this will open a new window/tab and Yahoo will ask you to verify your password)
3.- In the Account Information page, select “Manage Apps and Website Connections”
4.- Click on “Remove” next to “Yahoo! Mobile”
5.- Click on “Back to Account Info” and then “Mail” on the top (or close the new window/tab)
Pat // February 24th 2013
My address was hacked Thursday night. I knew something was up when I checked my email Friday morning and saw about 15 undeliverables. I checked my login history and found 3 from Malaysia. I immediately made all the changes suggested here. I am grateful I had bad email addresses because no one notified me. Many people online are very naive and don’t realize the email might NOT have been sent by the person.
I learned it’s a good idea to have bad email addresses in your contacts – and more than one so any deliverables will be obvious.
I am still uncertain as to exactly what the spammer was able to access. Did they just get my contacs? Could they read my email?
Fuuny thing is, I don’t use Yahoo messenger, but I went to the Messenger page anyhow – just to check. At the top right of the page, there is an icon for “Notifications.” When I clicked it, there was a notification that said: “Your account was accessed from a device we did not recognize. If you did not access your account, please view your sign-in activity.” WHAT A DUMB PLACE FOR YAHOO TO NOTIFY ME. Why didn’t they send an email since I have never used Yahoo messenger. This was so stupid that it immediately made me lose ALL respect for Yahoo security. NO more Yahoo for me.
2 months ago, I killed my Android service. After becoming disabled, I no longer needed a $90 cell bill. I did use to access Yahoo email from my phone. My phone has always had a password.
About 3 hours after I discovered that spam mail had been sent, I got an email from my bank telling me that a purchase has been made at PETCO with my credit card. This was becoming scary. I have never used any credit card on my phone. I am still befuddled as to how someone got hold of my card number. It was a card for my business so it had a different address than my home. I refuse to believe that the spam and the card use weren’t related. I reported all my cards as lost – just in case.
I have to conitnue with Yahoo until I establish a new address to use. But I moved all my contacts – except the bad addresses. And I will check log on activity on a daily basis.
This is absurd. I have heard that AOL is infamous for this. People’s AOL mail gets hijacked all the time. Yahoo seems no better.
Tammy M // February 25th 2013
my account was hacked as well, so I closed it and emails are still being sent! How do I stop this? I opened a new account with a different name.
Sue H // February 28th 2013
My Yahoo email was used by someone in Bulgaria yesterday. They first used a mobile phone, then their computer. I immediately changed to a very strong password. Then saw an email supposedly from Yahoo.
It was obvious by the bad grammar that it was not from Yahoo and I did not click on the link to deal with the unauthorized user as they suggested. That email had a senders address ending in @yahoo.com
They also changed my Yahoo Classic mail to the new mail and I cannot change it back. I forwarded the phishing email to spam @yahoo.com and await some answers from Yahoo re all my complaints to them.
I have only ever accessed Yahoo email from my home desktop computer and do not have a cell phone. I have no idea how they were able to get into my account. Luckily I only have 12 contacts in that account and 9 of them are my Yahoo groups.
Anonymous // March 04th 2013
I’m a Yahoo user who was hacked today from Romania.
AY // March 04th 2013
I am pretty sure Yahoo itself (!!!!!) is behind all these “supposedly spam”- and here is why- they want to force you to change to the Beta version AND to supply your phone number; which I am reluctant to both. (Hate their Beta version-sucks like Yahoo itself and like their new CEO…)
And the proof- I changed my password, and right after my email platform “Changed itself” to beta. Then I went to another Yahoo account (not yet “hacked into) and deliberately change the password to a 20 digit (!!) one; and what happen?- The next day this was hacked into with the same spam. Now- no chance somebody can hack into a 20 digit combination (elaborated)… Other than… Yahoo itself.
Then I get from yahoo notices that my account was hacked into- but I get 20 different messages with different header names, and all was done in 3rd world countries- Turkey, Peru, Egypt…. the list is long. Probably Yahoo generated random list of 3rd world countries supposedly ALL full of hackers.
Bottom line- Yahoo suck!!!
Wisdom // March 06th 2013
I can’t access my email? I think it’s been hacked?
It’s my OLD EMAIL It says that it is logged in on an unknown device and I haven’t even used that email in a long time so it shouldn’t be logged in. It wants to send a verification code to my back up email I used when I made that account but I have no idea how to get into that one anymore I used it so long ago when I tried to log into it it says that it doesn’t exist. Please help! How can I get it to where it can send it to the email I use now? I want to make sure nobody is using my email account!
Doughboy // March 07th 2013
My sign-in seal I created for Yahoo mail has been disappearing in less than 24 hours. Even after going around that phishing sign-in and changing my password multiple times peculiar things were still happening. I discovered the “second sign-in verification” and thought that would solve the problem. Within a day or so “totalsourceautomation ADP Total Source Automated Payroll Invoice” shows up in my Spam twice within 5 hours. And “Ferdinand Jensen New Play Coming Tonight.” I deleted this account with the above named and am watching this new account with a different carrier closely. When I contacted Yahoo about the problem one of the first things told to me was “Yahoo is the safest email in the world.” This guys nose would make Pinnochios’ look sick.
Anon // March 10th 2013
I got hacked/phished by an entity in Turkey with the following ip: 78.161.147.110.
Damn ridiculous. Yahoo must are some incompetent fools, i’m switching over to gmail as primary.
anon // March 11th 2013
just got hacked like 20 mins ago aswell I was online when my email start sending msg’s and bouncing back with undelivered email. lol.yahoo sucs ! 🙂
fbsco // March 11th 2013
almost the same as “ANON” – signed on and MULTIPLE undelivered emails – so I seared for this info – THANK YOU – and IMMEDIATELY changed password & secruity Questions…..THANK YOU!!
Used2bSecure // March 12th 2013
Rediculous situation. I have a dormant y7mail account, with unique password, fromwhich I have only ever sent 3 emails (all to my own accounts using my clean home PC) and yet it got broken into (from infamous Hungary mobile route) last month. Result of break in? 3 spam emails sent to those three addressees in “sent mail”. Yahoo has a massive internal security leak, but will never admit it.
ude // March 14th 2013
My company account got hacked 3 days ago. I tried to call Yahoo Customer Care on the phone numbers that I saw on the internet. The guy answered me from India.He asked me for my date of birth and account number. He later asked me to pay a sum of £100 which I declined and then he lowered it to £80. I declined. He then declined me any service. I cannot change my password and hackers keep sending mails soliciting for funds on my behalf. Some have fallen prey of this scam. How can I delete my account.
Bryant // March 18th 2013
email hacked and multiple send failures.
It keeps sending from my Iphone 4s, latest software, no jailbreak.
Even after creating a new PW, i decided to re-add the account to my iphone and bam, again.
im in MA, and the log in’s are from TX and Washington.
Gorkie // March 21st 2013
So yall know this isnt letting up, as of 9pm 3/20/2013 my email was hacked from Croatia. They sent spam emails, and even loged into my yahoo mobile. The account has scence been terminated.
Tony // March 22nd 2013
My Yahoo Blocked names box is full…500 maximum. I didn’t add any of them. How did they get there? Don’t I have to actively add names? Did Yahoo add those names? Only answers I could find with search is that my account has been hacked or compromised. I change passwords often. I log out after each email session. I have checked recent sign in activity; all normal. How do you contact Yahoo to report it? All I find is “Help” or “Yahoo Answers”. None apply to my problem. I need to get the message to Yahoo and I need a response from Yahoo!
Amy // March 28th 2013
Help! I’ve had my yahoo email for a long time and have recently gotten it compromised somehow. I thought it was hackers but someone else said a virus. What the issue is, is when I tried to log in, it took my username and password, but then asked me to enter my security question. My answer did not work. Somehow I got in tough with Yahoo -can’t even remember how at this point as I’ve called numbers and it says they no longer offer technical phone support? But, anyway, someone from Yahoo (on an email response) said they would change it to where I didn’t have to answer the security questions, but to use my alternate email – so I used the link they sent and put my alternate email on file and got into my account and all was good. The next day, I was locked out again! Now the alternate email account doesnn’t work either – I just never get an email for verification. So, basically, I have no access to my Yahoo account. I have important information under my account so I am worried. Is there anyone that can give me a phone # to call? Or anyone that knows what I can do? Your help is greatly appreciated!
Cee // April 01st 2013
@Amy, I just got locked out too – annoying! I sent in a request and put an alternate email as a gmail account. And being impatient, I called them as well. Unfortunately, at the # I found, they said that they couldn’t do anything as the issue had already been elevated to a higher level and it should be taken care of within 3-5 business days. Ouch. That’s too long in my book. Anyway, you can call them at 408-349-1572, and select option 4. You will be on the phone for A LONG time. If you have an incident number, I’d give that to them with the updated information on what’s going on. Or you may just want to open up a new case. They might not be able to do anything right away, but they can update the info for the other team at least. And in the meanwhile, I’d open up a gmail account so you can transfer everything and drop Yahoo when all is said and done. I found out that you can import not just contacts from other email accounts, but all of your emails and also have emails forwarded for 30 days. If I would’ve known this before, I would’ve dropped Yahoo for Gmail long ago as my biggest holdup was leaving behind all of my emails.
amy // April 02nd 2013
@Cee. Thanks for the info. I’ll try that # and see if I can get anywhere with it. I will be closing Yahoo just due to the lack of security and lack of customer care. I wish I didn’t have to, but, this has just been too big of a hassle. I’ll get me a Gmail account from this point on. But, thanks again for the help – it is much appreciated!
Laura // April 03rd 2013
Wow, this article was written 2 years ago and people are still having the same security issues. My email was just hacked yesterday (Poland, mobile user) for the first time in about 7 years. I am switching to gmail before it happens again. Seems like it is a question of “when” it is going to happen again, not “if” it will happen again.
Marcus // April 10th 2013
First time issue, log time Yahoo user. Mine was from Ivory Coast (Africa):
5:58 AM Browser Logged In Ivory Coast
5:57 AM Browser Mail Access Ivory Coast
5:57 AM Yahoo! Mobile Logged In Ivory Coast
Changed Password and Security Questions – I will follow up with any new activity. They sent out an email at 6:08 AM to everyone in my contact list. I had people calling me asking if I think they are fat… email was for some new diet pill 🙂
sandra shrubb // April 16th 2013
this morning i had masses of mailer daemon failures, and a few friends commentng on links i had supposedly sent…. checking activity i am in australia and someone logged on in russia 12 am this morning… what the f….k….. why didnt yahoo pick that up….. i have been with yahoo since 2000 never any problems, but now after reading this and after sending copious emails to warn contacts, i am going gmail for
personal and keep yahoo as my subscribed emails. i quickly changed password but yahoo what are they doing???
ramon l. suazo // April 21st 2013
actually this netbook computer was lately purchased for use only for chat because here in this onboard vessel very-very needed for us in a way of communication but since as I said this computer is new and a lot of matters such as like games and others such as acers cloud,zumas revenge and others the time that I click this always asking with me a email add and password for signing so in a other words for some matters of curruisity I didn’t meant that I made a lot of mistake until such that they appear here that you lock for 12hrs.sorry for what I have been done in this computer I didn’t meant to offend you like this situation expecting your kind and understand in this regard…………thanks……..
Laura // April 22nd 2013
One more thing I have noticed since Yahoo mail hack. I suspect my emails are being read by someone. Every time I check my mail now some of the new messages are bold, others are not and I know I have not read them yet. I have changed password several times created new sign in seal and sent message to Yahoo expressing my concern. After a few back and forth responses from them they basically let me know that they do not have a solution for my particular problem. They just don’t seem to care. I have switched to gmail but still monitor my Yahoo messages as I would hate for my contacts to get hit again from my hacked Yahoo account.
Y U SPAM? NOOB? // April 23rd 2013
Hrmmm someone from Venezuela logged onto my account with yahoo mobile and someone from the Netherlands at the same time… scumbag spammers such a pointless thing lol the mail they send…yeah embarrassing.. the same shite you see single mom makes blah blah blah an hour garbage.
S // April 25th 2013
I just had this, found some spam I apparently sent yesterday bouncing back from my brothers email account (of whom was killed tragically years ago) so that upset me, until I discovered it sent to people from my email, I viewed the logged in thing and it had Malaysia and Netherlands (a LOT of log in from Netherlands) yet I am in the UK, I changed my email and did the secondary thing but it still says it, I checked my IP address and it says my IP is in the Netherlands, I am on google chromebook so not sure how to fix it, this laptop had built in everything to prevent malware/etc so I cannot do scans, really confused and stressed, I cannot contact yahoo (spent 24hrs on and off looking online) til saw this, I do not understand how after I change my info it is still being accessed in Netherlands using browser, but more upsetting is my UK IP address is now saying the IP address is in the Netherlands and attached to a Netgear router. I do not know what to do.
Andy Edinburgh // April 26th 2013
Thanks for this as it let me find out I was hacked from Iraq on yahoo. I never use the account that was hacked and it has been lying dormant for a while. So I’m pretty sure it’s not a link I clicked. That leaves a brute force hack or someone has my password. A new report says Yahoo email accounts have been stolen by Russians -http://www.channel4.com/news/yahoos-email-system-hacked-by-criminal-spammers
jess // May 01st 2013
I had my account hacked several times this past weekend. Reset account on yesteray oly to have it happen again today. This is very frustrating.
I’m about to give on Yahoo after more then 10 years of having this account.
Geoff // May 05th 2013
Clean PC (no keylogger) and Poland hacked Yahoo account. My first gripe is, like Tony, why does Y7 auto-build contacts lists? I’m only hoping that businesses whence I’ve sent job appns had a good spam filter, else my prof reputation is sitting behind the 8-ball!
Sad1 // May 10th 2013
I was hacked tonight- “Yahoo Mobile” – Chile.
Embarrassing
Peter // May 13th 2013
My Yahoo-Account got hacked last week from Algeria accessed over “Yahoo Mobile”.
Password-guessing should be impossible, the password is too complex.
What is Yahoo doing? Why can’t they recognize this pattern: Far-away login-attempt over “Yahoo Mobile”.
Why is Mobile Login enabled by default?
Why are the hackers still succesful, even years after this news message here from 2011?
Laura // May 15th 2013
Doesn’t something about this hacking sound fishy to anyone else? I mean it’s sort of weird to read through all these posts and see the hacking has been done from so many different locations. I suppose one could allow for unreported hacks, some people not finding this site and others posting on different sites. But still, don’t you think we should see like a whole bunch of hacks reported from Chile around the same time frame? There is very little consistency in the locations that are being reported. I think something else may be going on in addition to the hacking.
Pat // May 21st 2013
I saw this article this morning: “Yahoo Japan Data Breach: 22M Accounts Exposed”
http://www.informationweek.com/security/attacks/yahoo-japan-data-breach-22m-accounts-exp/240155216
It’s obvious Yahoo has massive problems, BUT refuse to blanketly warn people so thaty we can take precautions. That new Yahoo Prfesident, Melissa, needs to do her job.
Kathryn // June 04th 2013
I have had my yahoo account for over 5 years. I have never had a problem till now. My account will not let me sign in. It says my signin and password are incorrect. But I know they are not. Then when it goes to my security question from 4 1/2 years ago everything I answer says its wrong and locks me out…. Is my account hacked and gone forever…. I dont know how to get it back to let me log in to change my password… Help
BILL // June 05th 2013
My yahoo account was hacked last night and spam sent to everyone on my contacts list. I always log in from the UK.
4.45 PM | Browser | Logged in to Mail | United Kingdom
3.02 AM | Yahoo! Partner’s Application | Logged in | India
3.02 AM | Browser | Mail Access | India
The spam emails contained only a link to a website and my ‘name’. They were sent at 3.03 AM.
It is now 2.10 PM and I no longer have any Yahoo email accounts, and do not intend to have any in the future! I am only sorry, having read plenty about these difficulties, that I did not vote with my feet BEFORE I was hacked.
Yahoo clearly don’t take this part of their business seriously.
MrsW // June 05th 2013
My email was hacked from Serbia this morning though ‘Yahoo’s Partners Application” login and then yahoo email access. I have no idea what that means. I did all the recommended changes.
My contacts all received some spam from me with a link in it. Yuck.
Mitchell Earl // June 07th 2013
As a computer tech, I continue to deal with this problem on every week. I am noticing that the hack seems to usually begin with Yahoo mobile but sometimes from another app like Y Messenger.
Bottom line is Yahoo is getting hacked and keeping it real quiet. There employees blame the end users for not having complexed passwords, changing password, etc., but it’s not the end user. It’s Yahoo getting hacked and the proof is everywhere.
Also, I’ve noticed that if your cell phone number is listed but still unverified, I have sent multiple request to Yahoo on behalf of my account and other customer’s accounts and never received a text response back, so Yahoo appears to be completely inept at running a reliable email system.
Before you get hacked, and you will, export your address book to your hard drive so you at least have a backup. I have seen hackers send emails to everyone and then delete all contacts when they are done.
Also, when you are hacked and you recover your account, go through ALL your email and account settings to make sure that additional accounts, forwarding accounts, vacation replies, different reply to addresses have not been created. I have seen all of this on different customer’s accounts. If you just change your password, you may still have the above issues.
Brian // June 09th 2013
My account was accessed from a Yahoo Partner’s Application from India. They apply for a Yahoo Partner ID to gain access to Yahoo’s API and then hack a vulnerability in the API to log into any yahoo id and send emails. They didn’t send spam using my contact list. …even worse. …they sent spams to everyone I had sent emails to that were in my sent folder. (This gives them more addresses than using your contacts.)
To stop this in the future, I deleted all my contacts and deleted all my sent emails. Also, as a precaution, I deleted all email in all accounts, including my inbox. With a completely clean yahoo account there is no way for them to send emails to people I know.
I have a VERY complex password. So this means that they either spent forever using a dictionary attack with no resistance for multiple retries from Yahoo. …or most likely they are bypassing the password requirement altogether. This means that they only have to get your yahoo account id. I suspect that they are harvesting these id’s from when they send out spam from other people’s accounts.
I know another person who this happened to a couple weeks ago when I got a spam from them. They changed their password to something complex and it happened again a couple days later. Then it happened to me. (They got my yahoo id from the other persons attack.) It’s my conclusion that they have found a way around the password requirements. Unfortunately this means that this will go on forever until Yahoo patches the weakness in their API.
Des // June 12th 2013
I’ve just spent three hours sorting my wife’s Yahoo email account after it spammed all her contacts & friends with god-knows-what – the source of the hack was Poland and IP address: 213.92.134.36.
I eventually convinced her it was not the USA’s NSA PRISM programme after her food recipes and/or family photos of children/new born babies. Given that she is a computer illiterate (save for Facebook) and paranoid all at the same time the chances of her divulging or a victim of phishing is ZERO.
Yahoo Does Have a System Problem as mooted to by the previous poster: BRIAN.
MPS // June 13th 2013
My yahoo email was hacked. I found out that the hackers were from Malaysia with and IP address of 103.1.146.20. They attempted to drain my resources by contacting my financial institutions.
By an IP address lookup website, I found the following information:
gary.chong@u.com.my 20110523
role: U Mobile IP Administrators
address: Level 11.01, Level 11, East Wing, Berjaya Times Square,
address: 1, Jalan Imbi,55100 Kuala Lumpur
country: MY
phone: +603-21179888
fax-no: +603-21448895
I contacted yahoo to try to ask them about their security lapses.
They wasted 45 minutes of my time and just blew me off – completely unconcerned.
I changed my passwords, deleted all my emails and moved off all my contacts.
Lyna Morgan // June 16th 2013
Dear all,
I think Yahoo is a useless teams anyway. Hacker hacked in to my account 3 times with the same name (congcac2000@gmail.com) from Quan Tri Vietnam district 24 & i tried to reach Yahoo team. But, some how you cant seem to reach them & when i tried to re-set the password i can succeed it. because, the hacker had change all my phone & email address. After all of this repeat & repeated I had closed my account. But, the hacker still come in & create an new account & add it in to my account. i don’t know how it happen & what to do now! if anyone out there know how to fix this problem please help, if you know how to inform Yahoo to permanently close my yahoo account please let me know too. Thank you very much
Annie // June 17th 2013
I just got hacked from china but I could still log in so I just changed my password
Teresa // June 18th 2013
Joined the party this morning.
I work in IT and while I don’t consider myself a technical guru, I am sure I hadn’t clicked on anything suspicious and that my password was reasonably secure, with uppers, lowers and numbers. I agree: The hackers are somehow bypassing the password altogether.
Appears my hacker logged in, in the double pattern from Turkey and a Yahoo partner application. I have a Droid phone. Since I have had this account for many years, the idea that my phone is involved makes sense.
It does appear that the hacking program searched beyond my Contacts list because my daughter’s boyfriend got the spam email and he is not in my Contact list. CRAP. I’m going with a private account.
just a yahoo user // June 19th 2013
I have had to change my password twice as all my sent email addressee where spamed again. Last year it happened so I change my password. On Sunday some yahoo logged in from latvia sent out spam emails again, Im in Californa.
WHAT IS YAHOO DOING ABOUT THIS ….??
Does anyone from yahoo see this site and all this complaints. We should all send it to their CEO.
ashish // June 19th 2013
I had teh same thing but see this it was their partner app that was the attack vector
11:22 AM Browser Mail Access Turkey
11:22 AM Yahoo! Partner’s Application Logged In Morocco
Mitchell Earl // June 24th 2013
Scanning through all these posts, The Yahoo! Partner Application comes up more than any other possibilities. Might be anecdotal, but It’s pretty obvious to me that there is a serious security flaw here.
As long as Yahoo! continues to blame things like weak passwords on their customers, looks like it will never get fixed.
insp58255 // June 28th 2013
My yahoo email was hacked and spam sent to all my contacts. Now all my contacts have been deleted. How do I get them back? Please help
I have also been on the phone waiting for yahoo customer service for 46 min now and no answer.
Dianne Troutt // July 01st 2013
Someone stole my yahoo email account so I can’t log in to yahoo. But I need my emails & contacts from yahoo exported to outlook.com account. Can someone help me?
Ben // July 16th 2013
Another confused victim here. I don’t use Yahoo messenger, I didn’t click on any malware links, and I am generally pretty astute about avoiding trouble. The logs say my Yahoo! account was accessed through the Partner site, like everyone else, but from Ohio (1 week ago) and New York (today). I have entered a complex password, enabled secondary sign-in authentication, and deleted my iPad’s access to Yahoo! Mail. Given how many people were hacked a second time, I’ll post an update in 1 month, and report back if my security measures were enough.
oldone // July 17th 2013
I really dont like the 500 mile suggestion.
Yahoo did exactly what you suggested with my account when I took a trip to India and logged in from my dad’s computer. Guess what, I could not remember my false answers to my security questions, and my US phone did not work there – so I was left without any way to communicate, even though I did remember my correct password and nobody had broken into my account.
The real problem is it was too easy to break into an account in the first place. And the old system leaked the sender’s address in the URL of the page where you read their message, so an advertiser knew all your contacts anyway.
Lisa // July 17th 2013
This JUST happened to me. I saw an e-mail that bounced back (as several called it). It was a link.
Lisa // July 17th 2013
It was for a diet product. I ended their session; it said it was a persistent log-on.
Lisa // July 17th 2013
But AS SOON AS I did it, my yahoo messenger came back on! I had been unable to find it before!
Lisa // July 17th 2013
I had tried to find yahoo messenger before, but it was somehow disabled for me.
Lisa // July 17th 2013
Sorry to reply ad nauseum. It’s my phone.
Lisa // July 18th 2013
What if when you go to account settings- change your password, etc. the hacker knows?
YAYV (yet another Yahoo victim) // July 18th 2013
First, I want an earthquake to swallow up 701 First Ave in Sunnyvale California with everyone inside. Except for the team responsible for Yahoo e-mail security, each and everyone of them must be trampled to death by an angry Triceratops dinosaur cloned and brought to life for this purpose.
Several months ago, as my response to the increasing reports of Yahoo mail getting hacked, I changed my password to a recommended strong password (long string of upper and lower case mix, numbers and #-& characters). At the same time I changed the answers to my two security questions to words that made no sense as answers to the questions.
I did everything right, dammit! And yet I got hacked. The attackers not only sent spam out under my name, they had access to sensitive private, personal mails that could embarrass me if made public. Note, I am not a celebrity, not a government employee, not a VIP. But it’s my information!
I do not have a smart phone. Never used any mobile services, “chat”, IM messaging.The only “extra” thing I did besides mail was occasionally commenting below Yahoo news stories and playing some of the Yahoo online games.
No way could anyone have guessed the password and/or the security answers. Only someone on the inside, in Yahoo, could have done this. Criminals!
Needless to say, the rigmarole I had to go through to get access to my Yahoo accounts restored was a nightmare: a form asking me to identify myself required me to enter in plaintext, via an unencrypted connection, my security answers. Crazy! Every e-mail to Yahoo customer service was answered by a different “customer service representative”… until they stopped answering altogether.
And I still have been unable to change the security questions to my “alternate” Yahoo account, which is linked to my primary Yahoo account. i get stuck in an infinite loop where I am requested to enter my password but it never goes through. Until I manage to do that, the hackers could still do it all over again.
Wait, I changed my mind. I want everyone in Yahoo strapped to rockets that will take them direct to the sun. Ponder what you did to me while you burn up in the solar corona, you lousy incompetent sleazebags.
Sassy Lou // July 19th 2013
I checked mine. NO ANOMOLIES..yet Yahoo makes me change my password every friggin week. It’s pissing me off…and it won’t let you use old passwords. Now I have to think of a new word..every WEEK…and of course..I forget my rotation of passwords…and I have to create a new one. FUCK!!!!
Yahoo User // July 22nd 2013
Thank for the info. My Yahoo email was hacked 18 July 2013 and used to send spam. My wife’s Yahoo account was hacked a few months ago. Using strong passwords and everything else doesn’t help when the weakness is Yahoo security. My account was hacked using the same mobile cross-site script weakness that Yahoo claimed to have fixed months ago. After more than 10 years with Yahoo I just can’t justify paying for these accounts when we can’t even count on having basic security.
bill // July 24th 2013
My wife used a co-workers iphone to check her yahoo email on July 18 and on july 24th this morning at 9:30 am, she went to log in on our laptop and yahoo stated her account may have been compromised and directed her to change her password. Log in history shows someone logged in from Romainia on July 24 at 7:24 am. And mailer demon shows returned mass email. The email is a link to an alleged fox news website and a attached file. Thank God yahoo notified her, she switched to gmail.
Scott Honer // July 30th 2013
My account was hacked last week. Sunnyvale Ca comes up allot. A bogus company called SupportMart posted a so called 1800 number. How does it work? Most people Google a customer support number for yahoo. Then you operator suggest ghosting your computer and account as if they are helping you. They download their software while they are helping you, and attempt to get you to believe the account has been hacked by someone in the Phillipines. Then they make you believe only Microsoft can fix the hacking. They kindly transfer you to believe your talking to a contractor of Microsoft. This Support Mart is them! They for 400 dollars can get your hacked email back, clean up your computer and fix all your network issues. It’s all BS! It’s a SCAM! After the 400 removed from your account! They can’t fix your email, they can’t fix your computer or network. Then the story changes to, ” we installed antivirus software and that cost 400! Them they have your banking information and make numerous attempts at removing more money from your account. These as?&$@es should be in prison. Check out Support Mart complaints online!
KFAR // August 22nd 2013
My Yahoo account has had someone attempt to get in, I received notification on mobile and secondary email address. They did not succeed (I have quite a difficult password and security questions, thank goodness) but I would like to know if it is possible to check where they have tried as I have my suspicions about who it is. Any info you can offer would be most apprecaited.
Thanks
Exasperated Yahoo User // August 28th 2013
My yahoo emails have been hacked again and again. I have extremely complex passwords, I instituted the sign in seal, I have second sign in verfication, etc. I was STILL HACKED with all of that. I don’t know how they are doing it. I have gone through every extra security measure offered and I am still getting hacked. How?! I checked my apps and website connections and I have none. I have an iphone where I check my email through there, but not through a Yahoo mobile app separately, just my iphone’s mail center. Also, they havent sent emails, or changed anything in my account. They keep signing in and then signing into my flickr account too. It’s very scary because the IP address is shown as coming from a local area near me and I get a lot of store emails from there which include my home address and phone numbers!! I am exasperated as to how to avoid any additional hacks.
lennie // August 30th 2013
bottem line is everything about yahoo sucks…
Comcast user // September 20th 2013
I am being accused of forwarding emails that someone had sent to me to his girlfriend and I didn’t, she showed him the emails and shows my email address, how do I prove that I did NOT do this???? I’m thinking she hacked his account but how do I prove to him that it wasn’t me as he thinks I’m forwarding everything to her. All this just started when he upgraded to yahoo mail as the incoming emails says “sent from Yahoo mail on my iphone” and used to just say “sent from my iphone” She somehow saw some emails months ago but think she somehow got into his phone, but this is all new, she was reading our emails as we were sending them?? Please help me clear my name!!!
Hacked off // October 19th 2013
Just got hacked yesterday – even with strong password. My mistake was to leave an old RIM account as a secondary account even though I haven’t used a Blackberry since 2004. It appears that they have hacked into that account and used it to reset the Yahoo password.
Lots of private information in there that I am not happy is being shared around the world probably with a view to setting up an identity theft profile
Funny thing is that even though I removed the old RIM account from my secondary email list, it still appears as an option when an attempt to reset password is tried. I can’t seem to remove it from there and so it still makes me vulnerable. Anybody come across this?
BTW I have not way of accessing the RIM account to secure it.
This hacking is a real worry for me and has certainly made me think more carefully about using the Internet..
Judith // October 26th 2013
@Hacked Off. If nothing else, I would place a credit freeze at all the credit reporting agencies so no one can open credit cards using your info. Someone who was trying to open a credit card using my name was refused since the retail store was told the credit information was blocked.
Try to contact RIM to see if they can eliminate your account:
http://us.blackberry.com/customer-service/contact-us.html
hacked // November 15th 2013
Am blocked from my yahoo account. Here is what happens.
I try to log in with my user name and password, at yahoo.com.
It takes me to a page that says “Yahoo Account Security has identified a possible risk to your account.”
There are 3 spaces: Current password, New Password, and Retype New Password (although it’s spelled Re-type.)
There are things to click including “can I trust this page.” That section says, among other things, to make sure there is a security certificate on the page. But there isn’t one. When I reset the browser, went to another browser, cleared cache and cookies and anything else I could think of, on that 2nd browser, then I finally saw the ‘lock.’
And I had to google ‘how to find security certificate’ to figure out what to look for.
So I tried to log in on that 2nd browser (which was not the first time, I’ve tried 2 browsers, every so often, over the past days.) Same thing happened.
I don’t know how to tell if that page is legit. Last thing I want to do is feed my password into a bizarre page. It does say Yahoo on it but so what? Hackers are geting more and more sophisticated.
Anyway so I clicked the lock on the 2nd browser (the little lock image by the http) and it says the page owner is “This website does not supply ownership information,” and the website is called edit.yahoo.com and it is verified by DigiCert Inc.
Under technical details, (again this is what came up in ‘security’ tab of a window after I clicked the lock by the http on this ‘change your password page) it says it’s got high grade encryption by Camellia.
How is an ordinary person supposed to figure this out?
Also, when I thought about it, the last thing I did was try to block and delete a message that was in my Yahoo messenger. Now please note, I do not have a mobile phone! I also had checkmarked do NOT use Messenger, in that email account. But the Messenger was still there. I kept meaning to look into that and figure out where I went wrong.
I now think that somehow, even though I did NOT click the link in that message that came up, and even though I had blocked the user (and their message STILL came up anyway which is a HUGE flaw in Yahoo messenger and their company!) that this Messenger thing is what triggered this blocked account.
Again I did NOT open their Messenger message. What happened was: I noticed there was a message waiting in Messenger (despite the fact I have never set up Messenger and thought I had disabled it long ago.) I clicked BLOCK USER. Then a message from that same user I just blocked appeared in Messenger. I clicked the X in the corner of their message, to close the message. Then, I logged out of my account.
Next day, I’m blocked from that same account. It took a bit for me to remember that even happened…I wondered if there was a connection and after reading all of these posts I think there is.
Hope you will forgive me not supplying a real email address but I DON’T HAVE ONE ANY MORE.
hacked // November 15th 2013
OH and isn’t it perfect irony that all of the free email sites now require a mobile phone…just to sign up. And yet that mobile connection is HOW the hackers are accessing all of the email accounts.
GENIUS, isn’t it?
(I don’t even have a mobile – another thing they didn’t think of. So I can’t get new email accounts – and this also didn’t stop them from hacking me via the Messenger that Yahoo apparently and stupidly automatically turns on in all email accounts…whether you want it on or not!)
hacked // November 15th 2013
Exasperated Yahoo User said:
“I have an iphone where I check my email through there, but not through a Yahoo mobile app separately, just my iphone’s mail center. Also, they havent sent emails, or changed anything in my account. They keep signing in and then signing into my flickr account too. It’s very scary because the IP address is shown as coming from a local area near me”
I think that could be your answer. I’m no expert as you can tell but, I’ve heard that there are people who just sit all day with scanners hoping to luck across someone logging into accounts on unsecured wireless connections. You log into your email from any wireless device such as an ipad, iphone, or mobile phone of some other type – and someone sitting in that same cafe can be sitting there tapping into all of that.
Unfortunately until these companies give a rip about their customers all we can do (after we take precautions that still don’t work), is do without.
Now I wish I could learn where to set up an email that doesn’t require a mobile, doesn’t INSIST on allowing ‘updates’ that are worse, or adding a second email (so they can hack that one, too?) and also cares about its customers enough to not leave huge gaping holes in security. Now where can I find something like that I wonder?
susan // November 27th 2013
YAHOO absolutely sucks….it is so user UNfriendly and must be a bunch of drunks running it….
Storage Letchworth // December 06th 2013
Just had a company account hacked from Nigeria.
For anyone in the same boat there is a very good list of things to do on the Yahoo page: ‘Securing a hacked Yahoo account’ – I would give the link but if you are rightly dubious you should not click any possibly dodgy link
The things they had done:
1. Sent a spam to all the contacts – that was it thankfully but that was only the start of recovering the account.
The problem was that they had changed lots of clever little things and you need to find them all and change them back
2. Fortunately my recovery email was a different account and I could go in and change the password. DO THIS AS SOON AS POSSIBLE! Also your own security questions too
3. I tried looking at my ‘sent’ emails – they had been deleted – so I could not apologise to all those he had spammed
3. I tried to go through all my contacts to do the same thing – they had deleted them all
4. and my trash bin
5. I have rattled off emails to yahoo to try and restore these. I would suggest you leave that until you have cleared up all the other problems as the email may not go through correctly yet
6. NEXT PROBLEM – I could send emails but was still not receiving any new ones (I was sending to the account myself from another account)
7. The hacker had gone in and changed the ‘forwarding’ to his email address and posted a new ‘sent from’ email address as well / change your ‘sending name’ & ‘reply to’ address – YOU MUST CHANGE THIS back to what you want
8. Then go to the ‘account information page’ and delete the hacker’s email address
9. the FILTER had been changed, he had put in a filter (or rule) that all incoming emails were immediately deleted, so anyone contacting me to ask if it was spam was immediately deleted and I did not see it. If there is a filter in there, check it and see if it makes sense, if not delete it.
It will take about 30-60 mins to work through it all – good luck
Aniko Kovesi // January 09th 2014
Hello,
My yahoo email was hacked also from Nigeria, He sent to all of my contacts money asking emails in my behalf.
He changed my password and mobile phone number also, I was unable to open my yahoo.
It took me a day when finally I could contact to Yahoo cust. service and they give me a temporally password so I could change it to a new one.
So Yahoo security is still weak, and they are not very helpful to solve this problems, what is going on in years now.
I am thinking to leave Yahoo all together.
parit // January 20th 2014
hello my yahoo account someone change password and mobile recovery option and also change alternative email which provide by me i want to know my last two days login location please help me….
Nonette Tavaco // February 08th 2014
I purportedly sent a message of “how are you?” to three contacts, including my other yahoo account. However, I have never accessed said account for more than two years now – can’t even remember the password. How can it be possible?
Ali Khan // February 27th 2014
Gee, I’ve been hacked at least once every six months with Yahoo. They had a huge security exploit that was supposedly fixed back in early ’13, but I’ve just been hacked today and had a plethora of spam links sent out to everyone who ever emailed me and so forth. Not impressed. I have other email accounts with Microsoft, AOL, and Gmail… Yahoo is the only one that keeps getting hacked no matter how many times I change the password, etc.
Thankfully, the hacker/spammer douchebags never altered any of my settings like lock me out. Seeing how that account keeps being compromised, time to stay with the other email providers who actually keep your account SECURE.
Mitchell Eatl // February 28th 2014
Ali, you are lucky. I’m seeing customers of both yahoo and aol getting hacked nearly every other month. Yahoo refuses to admit that they have had a real problem for several years. I blogged about it a week ago.
demdoum // March 28th 2014
Hello Sir
how can i get the log in activity history for 3 months ago.
i appreciate your help.
regardss*
AJ Kohn // March 28th 2014
I don’t think the activity history goes back that far demdoum. Sorry.
constance // May 19th 2014
YAHOO says my account is fradulent, even though I have never ever sent an email or sold one of my contacts, I do get emails from other companies like department stores, I gave them my email so I can get the discount coupons ect. I had my account for over 5 years, I sent my phone pictures of my grand child to this account. But on may 13 2014. I could not log in, called customer service, begged pleaded, told them my security questions, everything I could, told them to read my sent emails that its me.. for the love of goodness its to my family, college, tax accountant, I have family pics !.. this is an obvious personal account not some company trying to scam people! All I get is that email they send to me that has a generic name attached that says you violated TOA yahoo rules.. well I DIDN”T, I never did ANY bad emails to anyone… I detest yahoo, the least they could of done, is sent me an email so I could verify who I was.. this is so WRONG!
huff james // June 01st 2014
0800-098-8906 is the Yahoo Support number for UK?
Omir Saifedeen // July 21st 2014
He stole my account, but I was able to restore the account again
But there is a hidden mobile number so I can not delete it
AB // August 04th 2014
Yahoo’s security is non existant i was hacked from somewhere in south africa and the alarm didnt go off they emptied out all my emails and contacts
Jim Brunton // August 25th 2014
Dear Yahoo,
I have read the AVALANCHE of comments from all your numerous subscribers, and especially how they have been mysteriously overcharged.After phone ins from places like Romania.etc.This is utterly appalling.
My story is that I was with Yahoo, here in Australia from inception on the internet, till sometime about the Scoitt Thompson period, when Mainila got into the act.With many confusing conversations with Manila-and people who it was obvious, knew littrle about computers..This was a very confusing period for me, with many bad memories.But after 20 years, I found, without permission from me.I was suddenly cut adrift from them.It seems my website was given to someone from the U.K.
Question was I taken off Yahoo’s books.Answer-I do not know.It is still possible, I am ‘cut loose’ but still being charged.
This is an attempt to find out how this happened.Twenty years of successful operation.Suddenly sudden death.This after Thompson promised more focus on the customer..No way did this ever eventuate, in my case.And I will never forget the utter incompetence of Manila.Who knew absolutely zilch about their so called subject.This was the period when Thompson sacked one quarter of U.S. employees, to focus on ‘cheap solutions from Manila’.It was a total failure.
So I am appealing to someone at Yahoo H.Q. to answer my queries..
I figure,I am entitled to an explanation. J.B.
Jim Black // October 21st 2014
I have been hacked and I cannot change a password nor the security for Yahoo. Yahoo has locked me out of my account and I cannot do anything to get into it to retain my contacts, folders and calendar. ]
I have tried and tried to change a password and I believed that was why I was locked out of yahoo. The a friend found that someone had hacked my yahoo account and was adding a whole lot of junk to it.
I cannot reach Customer Service for Yahoo. I have written a letter to customer service attention MANAGER. No reply as yet.
I do not know what else to do except forget all my information that I had on yahoo and delete Yahoo and never do business with them again since their Security System is not doing what it should. ANY COMMENTS????
Mitchell // October 21st 2014
Jim,
If you are also a Bellsouth/AT&T customer you might get them to do a conference call with Yahoo so they can reset it manually, having verified your identity.
Josie // October 25th 2014
I to have now joined the “hacked” club. I was notified by yahoo to change my password and so I did and when I logged in to my email account I noticed bounced emails that were sent out in the middle of the night. That was two weeks ago and since then I have been prompted to change it 4 more times, each time there’s continued to be bounced spam emails. I have deleted my email account from my moble completely and it still happened. I went in to my account settings today and found two so called “trusted” apps. I deleted them and changed my password again!
Martin // November 01st 2014
Well, someone has just hacked my Yahoo email account and used it to retrieve the password to a service I was using unrelated to Yahoo.
They didn’t change the password to my Yahoo account so I still have access to it.
Phishing is 100% out of the question, and my password was extremely strong so they must have gotten in in some other way.
What’s interesting is that when I go to view my Yahoo IP log, the first and only entry from the hacker’s IP only says:
3:10 AM Browser Mail Access
No “Logged in” or “Logged in to Mail”, which is always the case for my own IP.
It seems as though they accessed the account WITHOUT EVEN LOGGING IN!
This must be some huge security hole at Yahoo. Something like a backdoor..
What do you guys think?
Max // December 07th 2014
I also had my email account hacked last week and i managed to get some information at http://www.hackedemails.com/help-emails-hacked/ hope it helps others like it did for me
NoOne // December 27th 2014
Martin ( November 01st 2014 post). If they didn’t login, did you allow any application to access your Yahoo account? Check your Yahoo, “Manage apps and website connections”. That page shows websites and applications that you have authorized to access your Yahoo account and use information from your account.
Yahoo email client // February 12th 2015
Does anyone know how to stop people from setting up False Yahoo accounts with our cell phone numbers. I FOUND A FALSE ACCT with my cell # attached. I tried to log into yahoo on an account I didnt use in over a year, went through hoops of getting the reset info via my phone number and VIOLA the account name was not even mine but they were using my cell phone number. Now what? What can we possibly do to stop this. They will just keep recreating accounts with our cell numbers. PLEASE tell me what I can do if anybody knows.
michael borraz-andres // April 21st 2015
I lived in brasil im from south Africa, I had a yahoo account I opened in south Africa, it got hacked in brasil and I lost could not recover , now I have a new yahoo acc and have moved to south Africa can not get in to my account ,keeps saying “will sms my mobile nom a code , my brasil num does not work here, I have a south African mobile nom, how can I change this , HELP IMPORTANT MAIL ME ON battlegsmith@gmail.com or SMS +27 72 6386 360
Me // April 29th 2015
Stupid, very stupid Yahoo Mail. I changed my country and it does not let me access my mail box. I have created this one for the most important things. It was created very long time ago, so I can’t remember the answer to the ONLY security question it was available at that time. It says that I never accessed my mail from this new location.
HELLO… is not for this exact reason people use E-MAIL ?
WHY PASSWORD IS NOT ENOUGH ?
People travel, you know…
Now, what can I do ?
jeremie paraiso // May 09th 2015
Can you please help me restore my account because I am already forget my password and I lost my phone and I can use him to restore my account , what do I do to restore my I Yahoo account please help me … you can contact me on this email —- >> jeremieparaiso013@gmail.com thanks god bless
here is my email I want to restore lldlzll@yahoo.com please help me …..
clark tabangco // June 04th 2015
plz back my account ctabangco@yahoo.com
G.W // August 11th 2015
Some of you are sooooo naive with all due respect. It is not necessarily that Yahoo doesn’t take any action, sometimes, it is on purpose! This is not a conspiracy theory but I am sharing my experience so you are aware of the broad spying program on Americans and worldwide which perhaps affect Americans too. I am concern of hacking and therefore usually log into the last activity page provided by Yahoo. Many times, it is shown the way I logged into the account, whether via PC or mobile. However, many times I have seen Virginia (and even sometimes) preceded by the location as Langley . Has somebody already got a clue? Well, who cares, we all are spied BUT the thing is, Yahoo support the effort by “deleting” or masking after a few minutes this log in event. Sometimes I have caught it coincidentally just to see this event vanished/removed after a few minutes when it is masked as a local logon activity.
Please take some time to check your sign-in activity more often and print screen the results. Some day we can massively criticize the way our personal info is collected and our taxes wasted on unreasonable unwarranted private searches.
JJ // March 25th 2016
Why does Yahoo not indicate any logs from mobile devices.
I changed my password, but kept my mobile logged in.
Result
On my PC I need to log in with new password.
Mobile
No change, I still recieve all my mail, despite asking me to log in again.
I cannot see what devices are currently logged into my mail account, or how can I see this.
If others are logged in the same way as I am on my mobile, they are still able to read my mail just as me on my mobile.
So whats the point of changing a password?
Emese // June 01st 2016
Hi, I am writing this post as my yahoo account activity shows the same things as many people said above back in a few years now – at present I am sitting in London and my yahoo account is logged in in Sussex Worthing. I have this problem for about 2-3 weeks now. I reported it to the police directly!!!!!
Action Fraud Department ought to log all suspicious activities to find the hackers.
I spoke to IT specialists – they think this is trojan virus and it steals your password as you type them in after your are being logged out. The problem is that whne I try to change my password in the security/privacy yahoo section that is when I ma getting locked out and my new password goes straight to the hackers.
I do not know what the hackers are doing, as none of my friend told me that they have received any spam emails form my account. So why are they sittting on my yahoo account? I ma about to go back to my yahoo accoutn to change the password again – and taking Printscreen shots about all hacking activity on the account!!!
Emese // June 01st 2016
No point in changing password – I have tried to register with his website today some hours ago but no reply yet – or my private domain email did not let in this website reply if there was any. If you try to change your password your yahoo account – it is immediately stolen as you try to verify it.
My yahoo account does the same things as many people reported above over the years. If you log in to the latest activity session and you see your account is active somewhere else then where you are actual are – that means you have a Trojan virus on your account stealing your passwords.
RUN A STRONG GRADED VIRUS SCAN program on your account and emails!!!!
THEN when you change your password never ever log back with a new password when you have changed in when it prompts you “sing in again” as it is the process of stealing your new password. ALWAYS LOG OUT WHEN YOU HAVE CHANGED YOUR PASSWORD!!! Never reply to a sign in again prompt. Stop your sing in process and close your yahoo account and enter in again and THEN type in the new password. It has not changed anything on my account today- so I am taking print screen shots all days long. I will figure it out at the and of the day who is the idiot hacker.
In the mean time – my advise to open a PRIVATE DOMAIN EMAIL!!!!!!
ponna markandeya // June 05th 2016
Hi All.
I like yahoo much. nowadays facing some security issue. i saw failure emails in my inbox. when opened shocked, those were not sent by me.
then i reported as hacked….
and i see recent history. that is really worse than any.
i never ever opened from those locations…
yahoo should concentrate on more security.
if not these types of cases make them down.
Emese // June 07th 2016
Hi there,
Does anybody understand how logon from other locations are possible?
Emese // June 07th 2016
Dear All, somebody recommended it to me to open email account with “yandex” – Yandex provider has got a detailed terms and conditions explaining it very clearly that they will immediately take your passwords and all your details – therefore your correspondences will be built into their logarithm projects – if they have got any, I assume they do have.
Very precise and clear terms and conditions to sign up with this email provider.
Alternatively, private domains has got secure spam screenings.
ks // June 27th 2016
A couple of years ago my wife’s email got hacked, they put her through hell to get access again. Afterward, I looked at the logs. On that day several entries from home (U.S.), followed a short time later by a login from Nigeria! Yahoo couldn’t figure that one out, give me a break! And then to treat her as the criminal. This is not lax security, this is NO security.
AJ Kohn // June 27th 2016
Sorry to hear ks. I must admit, it seems like an incredibly rudimentary check. To not be doing so seems … reckless.
brajesh mishra // July 02nd 2016
My Yahoo mail ID is hacked yesterday and the person who hacked is sending mails to all my contacts on my behalf that i am in problem and to send some money.
I tried to change password but unable to do so.
Dont know how to inform yahoo to help me quickly to avoid further mails from the hacker.
Valisse // August 14th 2016
Both of my yahoo accounts where hacked and someone activated the account key so I have no way onto either account and to op it off my main account was the one I was using to get pictures of my youngest daughter that I was forced to give up for adoption i do not have her family’s email address anywhere else so now what am I suppose to do? I have been locked out of them for 3 months… I need that email information it’s my kids pictures the only way I get to see her and have any contact with her.
Robert // September 11th 2016
I cannot believe that after 21 years I can no longer use my Yahoo account. I changed my password every year, never visited porn sites or click bait. But now I’m locked out with no alternative because Yahoo has no customer service, no help centers, nothing at all. I know several other people with the same problem, and a Google search will show hundreds more.
Why hasn’t Yahoo addressed this problem? Are they really this stupid? So now they will bleed off users by the tens of thousands and will blame everyone and everything except themselves.
I used no other account for 21 years. I have now switched over to Gmail. Good bye Yahoo, you were pretty good in the olden days, now you’re just a hasbeen.
Alan Gleason // October 01st 2016
I did receive my notice and after quite some time, finally fixed my problem. Deleted my account, created a new account and use 2-step verification. My recent activity finally shows my location for sessions logged-in. No more unknown devices.
Jackie Waldrop // January 13th 2017
Sorry I posted the number previously. This number has been disconected.
Yahoo phone number – If you see a Yahoo customer service number posted online, it isn’t Yahoo support.
Beware of calling a Yahoo support number you see posted online—here’s why
Did you forget your Yahoo Mail password, or get locked out of your Yahoo account? Or do you have another question that sent you looking for a Yahoo tech support phone number?
If you’re using your favorite search engine or social media site to find a Yahoo customer service phone number, you’ll probably come across phone numbers that claim to be for Yahoo technical support. None of these phone numbers will connect you to real support from Yahoo Customer Care.
Yahoo offers a number of ways to find answers to many of your technical questions. While phone support isn’t available, depending on your question or issue, we may be able to help you through email, chat, Yahoo Help Central, and/or in our Yahoo Help Community forums. And remember: support from Yahoo is always free.
What are these other phone numbers?
In a previous Yahoo Help Community Tumblr post, we let you know about websites that falsely claim to provide Yahoo support services. Toll-free phone numbers are often posted on these sites or on social media accounts. These phone numbers are not affiliated with or authorized by Yahoo, and will NOT connect you to Yahoo customer support. Calling these numbers could put your account and financial info at risk.
To protect yourself, remember:
• Yahoo won’t charge you for support.
• If you’re asked for credit card, banking, or account login info, end the call immediately.
• The only way to get support from real Yahoos is to go to Yahoo Help Central or one of our verified social media accounts: Twitter, Facebook, Tumblr, and the Yahoo Help Community forums.
If you see a site or social media account offering Yahoo technical support, remember: If it isn’t linked from Yahoo Help Central, it isn’t safe!
Problems signing in to your Yahoo account
You have important things to do in your Yahoo account, so let’s get you back in! Here are solutions for fixing the most common account access issues.
Most common sign-in problems I forgot my password
I forgot my Yahoo ID
I think someone else is using my account
“Invalid ID or Password” message
“First time signing in here?” message
“Account Locked” message
The sign-in screen loops or reloads
I’m using the right password and Yahoo ID, but I still can’t sign in
Problems using Sign-in Helper
My account recovery information is incorrect
Sign-in Helper says my password can’t be reset online – To protect the security of your account, if you weren’t successful with Yahoo Sign-in Helper or with the other options above, you likely won’t be able to recover your account. If you remember your sign-in information later, you can come back and try again.
To protect your account, a temporary lock is triggered anytime there have been too many unsuccessful attempts to sign in.
The lock will be lifted automatically after 12 hours, but you can always regain access to your account immediately using the Sign-in Helper.
Highlight this and insert it in your address bar and hit ENTER:
https://login.yahoo.com/account/challenge/username?authMechanism=secondary&yid=&done=https%3A%2F%2Fwww.yahoo.com%2F&s=QQ–&c=b5B5JPH.2bLyO4aNknsGmgXaRegO5rdE0VolHv7vbcklybeidGbH3VynYFmJUdK6DKac22bi1HgAnB1r1XdhrnZK9WnGrmeTxoKQO.mCRGORDeKNjXxmCKla7I_XFv_cirsxYgHIDD5dn1q_gB5a917sEfxKaXNFHxdMrbDkEyLwj0auNLw2WYARal7jYScm2jeHmXohsFT.kuvdnkTW~A
If you’ve followed the guidance in the “Invalid ID or Password” section of this article and still can’t sign in, try signing in using a different supported browser.
•Firefox
•Chrome
•Safari
If you can sign in, the problem lies with your browser and not your account. To fix the problem in your preferred browser, use our steps to fix problems with Yahoo not working properly
Sorry, comments for this entry are closed at this time.
You can follow any responses to this entry via its RSS comments feed.