Yahoo Mail Breach

I believe it's authentic since I after signing into my account info page I see it appears I changed my password 4 times.

Recent account access changes

Password changed

on your account info page

Thu, Oct 6, 2016 12:49 PM EDT

Password changed

on your account info page

Mon, Nov 25, 2013 1:17 PM EST

Password changed

on your account info page

Sat, Jul 27, 2013 7:32 AM EDT

Password changed

on your account info page

Sun, Sep 9, 2012 10:10 AM EDT

However, it used to indicate my security questions is no longer available. On researching, I found security questions are no longer available in on my security page.

"Re: Security question change
Yahoo no longer uses security questions and answers as part of the account recovery process."

I wonder if Fios will cancel their interest in buying Yahoo.

Read About It Here:
http://www.nytimes.com/2016/12/14/technology/yahoo-hack.html...

As the breach in question is reported as being longer in the past than the previously reported breach, for users who already changed passwords and such in response to the previously disclosed incident, I don't see the merit of doing it again.

But if someone has not yet taken measures, that would certainly be indicated.

A good general rule is never EVER, EVER click a link in a security breach warning e-mail. Instead go to the real website and interact in your customary way.

Fake warning e-mails with bogus links have become a favored form of spear-fishing to capture the credentials of credulous users. That was a prime method used in gaining access to Democratic National Committee individual e-mail accounts by persons unknown.

Even though this breach was real, I predict that some fake warning emails will be generated to take advantage of the credibility provided by the legitimate news stories.

The post isn't a question whether it is legitimate or fake mail. It's real without a doubt Yahoo is notifying perhaps all of their mail users.

I agree but it doesn't hurt to change our password again. The security breach (announced earlier this year) happened in 2014. This new one happened in 2013. It is older. I figure if nothing bad happens to me in 2-3 years, why worry about it now? However, I changed it regardless. Better be safe than sorry.

FYI there is no link in the email. Some phishing email does not provide links. It shows you a login prompt instead. Some inexperienced users can't tell the difference. They sign in on phisher's login form which of course sends the info to them.

No questions about that. I would expect to see those phish email in my mailbox too.

However, I did read the news and changed my password.

Time after time, the hackers have shown they can hack anything. Storing data on the cloud looks less and less viable. It could mean the end of the cloud as a business model. Changing passwords must be done, but it could be futile.

dobs108

I got a warning that my bank account was breached the only problem was I don't have an account with that bank so guys think about it before you go clicking , they are trying to get you to reply by scaring you once you reply they can hijack your home page and when you click on it again to get out you get nailed by malware . so look at it hard before you click on anything !

This was all over the news tonight. I only use web mail and there was an email from yahoo, but it did not force me to change my password. They don't have any sensitive info anyway, like real name or credit card numbers.

Yet more and more businesses/utlities are pushing toward online everything, like bill paying to "save paper" and postage costs.

Wifey uses yahoo mail and didn't get a notice either. From what I read this most current "news" is from a 2013 hacking, there was another more recent hack (within the past 6 months?) that she did get a notice about and did all the changes needed. My guess is that folks who changed stuff recently wouldn't need to for the one in the news now, other than for peace of mind.

You don't see it the way I do. I use fake info on my Yahoo profile, fake date of birth, no address, nothing valuable in Yahoo profile.

However, here's how things can go from bad to worse. Technically, hackers can scour my mailbox and find that I got some email from banks, credit card institutions, online vendors etc. They go to the website and use the same password as my Yahoo password to sign in. Can't sign in? No problem, they'll click "Forgot password" link and an email to reset my bank account password is sent to my Yahoo. Voila, my bank account is theirs.

Do you still think there's no sensitive info?

Are you absolutely sure that you do not use that password on any other account? That is the danger.

I cannot believe that security is not the top priority for any company with connectivity to private information. I find that the lack of tangible stimulation to quarterly earnings by increasing security drives some of this.

And this is not just with Yahoo. Many big companies have had this happen to them.(Or I should say, us).
I just wish that I could get back my bookmarks on the Yahoo tool bar. Anyone have any help with that?

Not a yahoo user but maybe this will help?

https://help.yahoo.com/kb/toolbar

I agree that access to one's email could give someone clues that might lead to a more serious hack. However, in the situation you described above, at least my bank and other financial institutions have additional security questions needed to change a password. I understand that if you gather enough information about an individual through email and social media, a sophisticated hacker might be able to correctly guess those answers, since many people chose simple questions/answers. All the more reason to use strong passwords and change them frequently.

Not sure where I read this but you should have a separate email account for important things.

I have a regular email for just stuff.
I have a different email for banking and only us it for banking.
I have a different email for credit cards and only us it for credit card companies.
I have a different email for my mother's business I take care of.

I need to do another regular email for shopping but use my just stuff regular email. May add one more email address.

It may have been Norton that said to do this but can't remember.

Not sure when the help list was produced but my Yahoo toolbar does not have any of the items listed. No + sign, no cog wheel. Thanks for trying.
This has been this way for a long time. Something to do with their being hacked no dought.

I think password recovery security questions weaken the security itself especially if you're a well known person. If I remember correctly, some hacker broke into a celebrity online account by correctly answering "what's my dog's name?" Doh! The whole world probably knows her dog's name.

I deliberately give random answers to security questions. For example: what high school did you go to? Answer: dcy cjnmu nkehc. No one including myself will be able to guess that. I keep a record of all the Qs and As. Can't remember them if I don't save them somewhere.

Yahoo

... but anything connected to the internet. Not much you can do about it other than limit the online information and use strong passwords. I use a password protected password vault that keeps it's encrypted data file on my main computer to generate strong passwords, remember them and cough them up when needed. At least I just have to remember one password. Even that represents some risk ...

This companies been on the down for several years now.

Why stop there? Stop using computers, tablets and smartphones. Close your bank accounts. Keep the money at home. It's not safe. Banks can get hacked too.

Unfortunately, the recent news is for Yahoo breaches from years ago.

old email service which must now be obsolete...don't know anyone who still uses it...

Their service is not obsolete, but Yahoo themselves failed to innovate when they had the opportunity, which leads to the current state of affairs. I still use Yahoo, and have never had a problem with their service in the 20+ years I've used them. These days however, I have my Yahoo and GMail accounts linked, simply so I can access all my email from GMail and/or my smartphone.

Yahoo seems to be far behind-the-times in so many ways.

I think the Yahoo CEO, Marissa Mayer, is just wanting the Verizon deal to close so she can make $57 million if Verizon decides not to keep her on. Verizon doesn't want her! Why should they? Everything she has touched at Yahoo has been a failure. But, Mayer will take home $219 million for her four years of doing practically nothing at the helm. If the Yahoo-Verizon deal goes through the Yahoo Board can thank Goldman Sachs, JPMorgan and PJT Partners, because she did nothing to make it happen.

Yeah, time to totally abandon my account. I never used it for much of anything. Yahoo always had issues with leaking contacts. Every time I received a phishing email it was from someone I knew with a yahoo acct. I never had any contacts on yahoo, good thing.

WOW!!

I like Yahoo mail. It’s simple, efficient, and works consistently. I hate the way gmail links multiple emails into threads. Once the thread gets interesting and bifurcated it gets painful to find what is new. I do not find all those fancy improvements to actually be an improvement.

Yahoo has to much junk mail ... I like Hotmail much more easy to use that both Gmail and yahoo.

But all of the online Emails have there good points and bad for each type of user or usage for the email.

We need Gmail for all the Android phones/tablets and we need Me.com/Icloud.com for all the IPhone/Tablets/Music.

So most people will have more than one account and most likely be on different email platforms too...

FYI - junk mail depends on the users habit. If you post your email address carelessly, you deserve to get a ton of junk email.

At the moment I have 2 junk email in my Yahoo spam folder. My Yahoo account has been active since late 90s. I have more junk email in hotmail but 100% go to spam folder unless I whitelist them. My hotmail setting is set to accept only those in my contact list. The rest goes go spam folder. I have no junk email in GMail (this mail account is about 3 years old).

I agree with that statement!

However, there are exceptions to that rule, One of them being that I have a Verizon email account which I never used once and that gets 30 - 40 junk emails a day.. Worse part is that Verizon email doesn't have a good way to filter out all the junk mail properly.

thanks

Just got my email from Yahoo informing me of this problem. Not sure why it took so long.

AT&T subsidiaries outsourced their email handling to Yahoo years ago. My sources indicated Yahoo is only notifying accounts they have determined were actually impacted by that 2013 breach, which would explain why I've only received 1 notification out of 3 possible targets.

Because the email addresses remained unchanged (keeping the original @subsidiary.xxx), AT&T handles front-end authentication to access the Yahoo-hosted email, the non-linked URL in the notice sends users like me to AT&T's web site via a page that redirects to a blank page (as of 24 hours ago when I last checked, via multiple browsers, using all the customary "extra measures" to insure anything there would be revealed).

After all that, I decided to take the old fashioned approach by searching through their nightmare of support and login combinations until locating a working page to reset the password for that account. On the same page as the password reset AT&T included the option to reset a pair of security questions, indicating it could also wait until later. Not wishing to re-navigate back later, I picked some Qs & As and submitted the set of changes.

A short time later, confirmation email arrived to let me know about the changes made, except no mention of any change of password. Since I run an email client locally and it hasn't yet complained of any password mismatch, I presume I'll be going back for more pain navigating AT&T's web of incompetence through over-complexity.