I received a rather bizarre e-mail last Saturday night just as I was getting ready to enjoy a lovely evening at a Marlins game. It came in to my business account from my Yahoo account and was asking me to send money to myself. According to the e-mail I was attending a seminar in England and needed some extra cash. This was all news to me as I was sitting in my Boca Raton home.
About that time my significant other wandered in wondering what I was up to and why I was “urgently” requesting a cash advance. His main concern was that this transaction might cause us to miss the opening pitch. My main concern was that one of my clients or friends might receive the e-mail and actually fall for this scam.
Yikes! I’ve written a couple of books and produced training videos on Outlook which included information on e-mail security. My network is harder to access than Fort Knox. How could this have happened?
Once the initial panic subsided I thought about the problem with a bit more clarity. I only use the Yahoo account for “shopping” purposes and took comfort in the fact that all the companies that typically spam me to buy more products, etc, will receive a bit of spam of their own. However, I needed to remedy the situation and, more importantly, prevent it from happening again.
My first step was to change my Yahoo password. I then brainstormed for possible ways that this hacking might have occurred. The list I came up with was rather short:
- My computer has virus. This seemed unlikely because only my Yahoo account was affected and none of the numerous business accounts that I have in Outlook.
- Someone stole my Yahoo password. Again, this seemed rather unlikely as I don’t post my password on the Internet or write it on a sticky note hanging from my monitor.
- I checked my email from an infected PC. A possibility, but because I rarely send or receive e-mail from my Yahoo account I have no reason to check this account from anywhere else than home.
- I was drunk or on some other mind-altering substance and actually sent the e-mail. A possibility except for the fact that I’ve never been very good at creating April Fool’s pranks or other hoaxes. And I haven’t suffered from a hangover – or even a bad headache – lately.
- Yahoo got hacked.
OK, I hate to point fingers but Yahoo seemed the most likely culprit. So on Sunday I began to scour the Internet looking for other folks who had experienced the same thing. I’ll have to admit that this was a bit time consuming as I had to keep reassuring various acquaintances that yes, I was all right and no, I didn’t need their financial assistance at this time. My Internet search turned up lots of people who had experienced the very same problem that I had. Ironically, in addition to Yahoo users, many folks using Gmail and Hotmail accounts had experienced the same problem I had.
Since I now felt comfortable in the knowledge that Yahoo had been hacked, I scoured the Yahoo help site for references to the problem and found – nothing. Except of course for a few articles telling me how to change my password. Hmm. So Yahoo users routinely had their accounts hacked, but Yahoo wasn’t taking action? Say it ain’t so, Joe!
I now set about trying to contact someone at Yahoo. Surely they would be concerned enough to take action. Surely they would want to prevent this from happening to other Yahoo users. I found several messages advising me to change my password but no specific reference to any responsibility on the part of Yahoo. It seemed to me that if someone was hacking into Yahoo and grabbing passwords Yahoo would want to know about it and, more importantly, put a stop to it. After hours of trying I finally reached a heavily-accented person who, after several minutes of hold time, came back on the line and offered to walk me through the process of changing my password.
I now know what it feels like to come home and find that your house has been robbed. My personal property was pillaged by some faceless low life and I feel violated. The bad guys have won. My main reason for posting this article is to get an idea of the number of other folks who have had their accounts hacked. If it’s happened to you, let me know!
It looks as if the same exact thing happened to me this morning! I got a weird text on my cell letting me know my phone number had been changed on my Yahoo account??? Then a few hours later my friend sent me a text telling me my Yahoo account was sending out requests for money saying I was stranded in London…but gave no way of sending money. I think it is a phishing email maybe??? In any case I am now locked out of my Yahoo account for 24 hours…I have way too much info saved in my account…I have used it as my main email account for about 18 years with NO problems till this! And worst yet…because I have it listed as my sign-on account for Facebook I can no longer access that account. I still have yet to see what other damage has been done! Did you ever get any advice/help on what you should do???
Hi Margie, I have heard from a number of other readers that they had similar experiences. Yet Yahoo maintains that there isn’t a problem. I removed all my contacts from Yahoo (fortunately I only had a handful) and changed the password. My hunch is that it might have something to do with using yahoo as the Facebook login as that is something I had started to do recently. Really disappointing that Yahoo can’t step up to the plate on this one!
Same exact thing happened to me. Friends were getting weird emails from me selling something or other….happened a couple weeks ago and I thought it was over and BAM get home from vaca and another had been sent…I have changed my password 4 times in 3 weeks….deleted everyone from my contacts….gets a little old….
Thanks for responding to my message. I was finally able to get someone on the phone from Yahoo!!! Can you believe that one…I found the number on Yahoo! Answers site and easily got a live person on the phone within seconds. They were very apologetic and helped me to get control of my account before the end of the night. I was amazed to tell the truth given all the bad things I had read while searching for help. The scariest thing is that whoever hacked into my account deleted ALL of my contacts and emptied all the inbox, trash and spam folders. They didn’t empty out the personal folders I had stored but I’m not sure how much info they accessed in them. I haven’t found any further evidence of damage from this episode so hopefully this will be it. I did change my Facebook email to another account that is hopefully more secure and have changed all of my passwords on my various accounts. Talk about a lot of excess work I really didn’t need.
Same thing here, I was on yahoo mail when the sent me a timed out msg, requiring me to re log on. Within two hours of that incident my problems began. E mail sent to all contacts re lost passport. Yes, my contacts are deleted.
Yahoo has a security problem, but does not seem to care.