[500 million Yahoo accounts hacked, what should you do?]
Re: What are you YAHOOERS doing?? [due to security breach]
I guess this issue still has me baffled.
With only a Yahoo email account, what can be obtained from that since it has no personal info.
About all I gave them is nickname and sex. I suppose, hackers could send me mail and try to trick me.
Also banks always ask for email address and a hacker would know where I have accounts but nothing more.
I do have some non/financial sites where the email is the user name.
Should I be loosing any sleep over this
With only a Yahoo email account, what can be obtained from that since it has no personal info.
About all I gave them is nickname and sex. I suppose, hackers could send me mail and try to trick me.
Also banks always ask for email address and a hacker would know where I have accounts but nothing more.
I do have some non/financial sites where the email is the user name.
Should I be loosing any sleep over this
Re: [500 million Yahoo accounts hacked, what should you do?]
I merged boater07's thread into here. The combined thread is in the Personal Consumer Issues forum (computer security).
As I noted on the first page, Bogleheads who use the Local chapters on Yahoo Groups should change their passwords.
As I noted on the first page, Bogleheads who use the Local chapters on Yahoo Groups should change their passwords.
Re: [500 million Yahoo accounts hacked, what should you do?]
I don't remember if I gave Yahoo security questions or my BD. How can I find out, and how can I change them if I did?
Re: What are you YAHOOERS doing?? [due to security breach]
Do you have shopping accounts (such as Amazon or Best Buy) that use the yahoo email address as a log in?boater07 wrote:I guess this issue still has me baffled.
With only a Yahoo email account, what can be obtained from that since it has no personal info.
About all I gave them is nickname and sex. I suppose, hackers could send me mail and try to trick me.
Also banks always ask for email address and a hacker would know where I have accounts but nothing more.
I do have some non/financial sites where the email is the user name.
Should I be loosing any sleep over this
If so, they can go to those websites, say they forget their password and a temporary password will likely then be sent to the Yahoo email account. They can then log on that shopping website, make a purchase, say it's a gift and ask for it to be sent to a different address. If you have your credit card info stored on the shopping website, then the purchase may go through.
Re: What are you YAHOOERS doing?? [due to security breach]
Yahoo has invalidated all of the security questions (and it doesn't appear they are allowing you to add new security questions right now). So if you tell Yahoo you forgot your password, Yahoo isn't going to ask you the security questions.wander wrote:Actually, they stole all security questions so even if you have changed your password recently they still can reset your password. You need to also change your security questions.serbeer wrote:Can only affect those who did not change password in the past 2 years, since the breach occurred in 2014.
But if you use the exact same security questions on another website, then it's possible they can be used there.
Re: [500 million Yahoo accounts hacked, what should you do?]
Go into your Yahoo account and go to the Security section. Disable security questions. I did this today and saw the 2 security questions I had listed.teacher wrote:I don't remember if I gave Yahoo security questions or my BD. How can I find out, and how can I change them if I did?
Re: [500 million Yahoo accounts hacked, what should you do?]
Today I went to my Yahoo account and changed the password. There were no security questions associated with my account.
Victoria
Victoria
Inventor of the Bogleheads Secret Handshake |
Winner of the 2015 Boglehead Contest. |
Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
Re: [500 million Yahoo accounts hacked, what should you do?]
Thanks, I didn't know you could disable the security questions. They're disabled now. (I had changed my password earlier.)
Re: [500 million Yahoo accounts hacked, what should you do?]
I deactivated my security questions in the account info (or setup -- whatever they call it). I also changed the backup email and turned on two-step verification.VictoriaF wrote:Today I went to my Yahoo account and changed the password. There were no security questions associated with my account.
Victoria
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
Re: [500 million Yahoo accounts hacked, what should you do?]
Changed my password today. Changing security questions were not an option. Fortunately, my old password was used only at yahoo.
Curiously I received a phishing email last week that threatened my yahoo account would be cancelled if I did not log in by clicking link. I have had several of these phishing email in the past year.
Curiously I received a phishing email last week that threatened my yahoo account would be cancelled if I did not log in by clicking link. I have had several of these phishing email in the past year.
- Mel Lindauer
- Moderator
- Posts: 35782
- Joined: Mon Feb 19, 2007 7:49 pm
- Location: Daytona Beach Shores, Florida
- Contact:
Re: [500 million Yahoo accounts hacked, what should you do?]
I've been using two-factor authorization for some time now, even before the word about the hack job got out. I definitely plan to continue using it.
Best Regards - Mel |
|
Semper Fi
-
- Posts: 25625
- Joined: Thu Apr 05, 2007 8:20 pm
- Location: New York
Re: [500 million Yahoo accounts hacked, what should you do?]
I wasn't aware there is an option to turn on two-step factor, where is that toggle?
"One should invest based on their need, ability and willingness to take risk - Larry Swedroe" Asking Portfolio Questions
- Mel Lindauer
- Moderator
- Posts: 35782
- Joined: Mon Feb 19, 2007 7:49 pm
- Location: Daytona Beach Shores, Florida
- Contact:
Re: [500 million Yahoo accounts hacked, what should you do?]
Click on your name and then "Account Info" and the option is under "Account Security".Grt2bOutdoors wrote:I wasn't aware there is an option to turn on two-step factor, where is that toggle?
Best Regards - Mel |
|
Semper Fi
-
- Posts: 25625
- Joined: Thu Apr 05, 2007 8:20 pm
- Location: New York
Re: [500 million Yahoo accounts hacked, what should you do?]
^^ Thanks, Mel.
"One should invest based on their need, ability and willingness to take risk - Larry Swedroe" Asking Portfolio Questions
Re: [500 million Yahoo accounts hacked, what should you do?]
Thank you, goingup.
I changed my password yesterday. Just now, I eliminated the security questions with your help, but found an answer to them was the same as my new password, so I changed it again.
Does anyone think using yahoo email for Google Docs login is a problem?
I changed my password yesterday. Just now, I eliminated the security questions with your help, but found an answer to them was the same as my new password, so I changed it again.
Does anyone think using yahoo email for Google Docs login is a problem?
- Mel Lindauer
- Moderator
- Posts: 35782
- Joined: Mon Feb 19, 2007 7:49 pm
- Location: Daytona Beach Shores, Florida
- Contact:
Re: [500 million Yahoo accounts hacked, what should you do?]
FWIW, I'd handle each one separately.teacher wrote:Thank you, goingup.
I changed my password yesterday. Just now, I eliminated the security questions with your help, but found an answer to them was the same as my new password, so I changed it again.
Does anyone think using yahoo email for Google Docs login is a problem?
Best Regards - Mel |
|
Semper Fi
Re: [500 million Yahoo accounts hacked, what should you do?]
A big fuss over nothing, comparatively speaking.
Probably over half the websites we use are hacked (maybe including this one), just hope you are lost in the crowd. If they can penetrate government sites, they can penetrate most private sites, though it's bad business for the sites to admit it.
Probably over half the websites we use are hacked (maybe including this one), just hope you are lost in the crowd. If they can penetrate government sites, they can penetrate most private sites, though it's bad business for the sites to admit it.
-
- Posts: 175
- Joined: Fri Sep 06, 2013 11:45 am
Re: [500 million Yahoo accounts hacked, what should you do?]
I have a very old yahoo account that I never used except to sign into a message board they hosted. I have not signed in in years. When I signed in today, it said "Due to suspicious activity we need to send you a security key at this email address _____@___________.______" That email address was VERY old and was with a server we no longer use and it no longer exists. So......am I safe to just leave my yahoo account "frozen" like this?? If not, does anyone have a recommendation for what to do next?
Re: [500 million Yahoo accounts hacked, what should you do?]
Where are the hackers getting data like telephone numbers and dates of birth from yahoo? I haven't given yahoo any of that information, at least not correctly.Sheepdog wrote: The stolen data includes users' names, email addresses, telephone numbers, dates of birth, hashed passwords and security questions for verifying an accountholder's identify.
Unlike a poster above, I don't reuse passwords and security answers from site to site.
This is pretty much a non-event in my universe, since I don't use yahoo email; email is stored on my pc via thunderbird, so the hackers can't rummage through it without targeting my personal pc, or sitting on a mail server and catching stuff as it goes by.
Re: [500 million Yahoo accounts hacked, what should you do?]
^^^ I also use thunderbird for email. I think you're missing the point that email sits on the server until it's read.
Yes, it's deleted off the server when thunderbird grabs it. Until then, it's on the server.
Yes, it's deleted off the server when thunderbird grabs it. Until then, it's on the server.
Re: [500 million Yahoo accounts hacked, what should you do?]
The Yahoo mess has really hosed up my Yahoo mail. I have changed the PW twice now. Thunderbird still authenticates to the POP server with the first change (did not ask to change the second time) but the outgoing (SMTP) is DOA. The Android devices are fat dumb and happy with the first change. They keep authenticating with new PW #1 even if I reboot the devices.
In the long run I am going to migrate all the activity off Yahoo and suspend the account. It isn't my primary email address but some people still have me in their address book with the Yahoo account. I might just create something new on another service and forward the mails to that address and shut off all access except web access. My guess is that if I deleted the server on Android and reinstalled it would ask for the newest PW. Not cool that Yahoo accepts PW #1 in the meantime.
In the long run I am going to migrate all the activity off Yahoo and suspend the account. It isn't my primary email address but some people still have me in their address book with the Yahoo account. I might just create something new on another service and forward the mails to that address and shut off all access except web access. My guess is that if I deleted the server on Android and reinstalled it would ask for the newest PW. Not cool that Yahoo accepts PW #1 in the meantime.
Don't trust me, look it up. https://www.irs.gov/forms-instructions-and-publications
Re: Yahoo says hackers stole info in 500 million user accounts
Got a good chuckle out of that one!squirm wrote:Half a billion is a lot of accounts, didn't know they even had that many users, unless maybe wells Fargo was handling their accounts
A fool and his money are good for business.
Re: [500 million Yahoo accounts hacked, what should you do?]
Just as I finished reading the latest posts in this thread, I noticed the Yahoo bot crawling the Forum. I wonder what it is trying to learn these days.
Victoria
Victoria
Inventor of the Bogleheads Secret Handshake |
Winner of the 2015 Boglehead Contest. |
Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
Re: [500 million Yahoo accounts hacked, what should you do?]
There was an excellent quiz and article on the broader topic of data security impact in nytimes :
http://www.nytimes.com/interactive/2015 ... -quiz.html
I have made it policy not to give accurate data, such as birthdays, to companies like yahoo. They dont really need to know much about me to provide email services, so why give it to them ? If form fields like birthday are required, give them a date, just not your date. Banks I give the real date. So when a bank asks dob, yahoo hackers have the wrong date.
http://www.nytimes.com/interactive/2015 ... -quiz.html
I have made it policy not to give accurate data, such as birthdays, to companies like yahoo. They dont really need to know much about me to provide email services, so why give it to them ? If form fields like birthday are required, give them a date, just not your date. Banks I give the real date. So when a bank asks dob, yahoo hackers have the wrong date.
Re: [500 million Yahoo accounts hacked, what should you do?]
delete
Last edited by TT on Mon Feb 05, 2024 3:24 pm, edited 1 time in total.
Live Life Simple and Less Soft
Re: [500 million Yahoo accounts hacked, what should you do?]
delete
Last edited by TT on Mon Feb 05, 2024 3:24 pm, edited 1 time in total.
Live Life Simple and Less Soft
Re: [500 million Yahoo accounts hacked, what should you do?]
I have not seen any place to enter security questions either. My assumption is that I never had them in my Yahoo account.TT wrote:VictoriaF wrote:Today I went to my Yahoo account and changed the password. There were no security questions associated with my account.
Victoria
Can you tell me where the security questions would be located? I do not see any in my account info or in the account security. Does that mean I did not enter any?
Thanks
Victoria
Inventor of the Bogleheads Secret Handshake |
Winner of the 2015 Boglehead Contest. |
Every joke has a bit of a joke. ... The rest is the truth. (Marat F)
- oldcomputerguy
- Moderator
- Posts: 17930
- Joined: Sun Nov 22, 2015 5:50 am
- Location: Tennessee
Re: Yahoo says hackers stole info in 500 million user accounts
In my case it''s a paper document stored in the family safe. I challenge any hacker to download that.jebmke wrote:Stand alone encrypted data base. Store it offline. Crack proof and alzheimers proof - as long as someone else has a copy of the key. Memory is probably the worst place to store passwords or answers to security questions.littlebird wrote:O? Is that site hacker proof? Guaranteed? When they hack that site, they'll have all your data. And I'm sure some group is working on that right now. No thanx.
There is only one success - to be able to spend your life in your own way. (Christopher Morley)
Re: [500 million Yahoo accounts hacked, what should you do?]
Yes, but only a small amount of email at a time, maybe twenty messages. It's not like they can rummage through the embarrassingly large number of emails I have on my pc. Unless the hackers are sitting on the server for a long long time undetected.LadyGeek wrote:^^^ I also use thunderbird for email. I think you're missing the point that email sits on the server until it's read.
Yes, it's deleted off the server when thunderbird grabs it. Until then, it's on the server.
- pennstater2005
- Posts: 2509
- Joined: Wed Apr 11, 2012 8:50 pm
Re: [500 million Yahoo accounts hacked, what should you do?]
I change my passwords quite a bit now mostly because I can never remember them.
“If you think nobody cares if you're alive, try missing a couple of car payments.” – Earl Wilson
Re: What are you YAHOOERS doing?? [due to security breach]
I don't know if this is a coincidence or related, but my Yahoo email account was compromised. Friends on my contact list received email from "me" (had my name, but some 3rd party email address). Wasn't anything harmful as far as we could tell, but this could be just the beginning.boater07 wrote:I guess this issue still has me baffled.
With only a Yahoo email account, what can be obtained from that since it has no personal info.
About all I gave them is nickname and sex. I suppose, hackers could send me mail and try to trick me.
Also banks always ask for email address and a hacker would know where I have accounts but nothing more.
I do have some non/financial sites where the email is the user name.
Should I be loosing any sleep over this
Needless to say, I changed my password. (and I'm changing my passwords elsewhere as well) I also ran a virus and malware scan on my computer and it came up clear.
Also, I looked at recent activity, and in the last 30 days, there was no suspicious activity. (is there a way to see more than recent?) The account was a seldom used account, and the last email compromised was months ago, so they may have been holding on to this data for a while now.
So far, I haven't heard from any reports whether contact lists or email themselves were compromised from their servers, or if the hackers had to log into my account to get my information (somehow figured out my hashed password).
The only suspicious thing is that my My Account/Preferences/Locations and Languages/Favorites shows a bunch of international cities (which I haven't been to). Does anyone know what this list is? It's not where Yahoo thinks I'm logging in from is it? Because if that's what this is, then there's people from around the world that have been in my account. Scary!
Re: [500 million Yahoo accounts hacked, what should you do?]
TT wrote:
Is it recommended to add a recovery email address?
Also, by "clear your history", do you mean search engine history (Safari), or is there a Yahoo history?
If the latter, I can't find it.
Thank you, TT.Log into your account and in the upper right hand corner you will see you name -click on account info and it will display any personal info you entered.
I would advise opening account security and initiating the " two step verification" process also. FYI when you do this and you clear you history Yahoo will not recognize your computer and you will have to enter a code they will text you to gain access to your email. I just staring using this and it works fine.
Is it recommended to add a recovery email address?
Also, by "clear your history", do you mean search engine history (Safari), or is there a Yahoo history?
If the latter, I can't find it.
-
- Posts: 1290
- Joined: Mon Jan 20, 2014 11:14 am
Re: Yahoo says hackers stole info in 500 million user accounts
me too, although the yahoo account is only used as the required email account for facebook and comcast.goingup wrote:I'm batting a thousand this week. Wells Fargo customer with Yahoo email.
but on the other hand, i also got 100 shares of WFC in my play money account.
Re: [500 million Yahoo accounts hacked, what should you do?]
Inbox788 wrote:
The next morning, I went back to the link that proved to be a scam and the account was closed. The same phone number was used as a customer service number for HP, AT&T, AOL, Comcast etc. Those links had closed accounts as well.
Now, if I go to the bogus Yahoo Customer Service link, it says:
"Forbidden
You don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request."
And if I check on the HP, AT&T, AOL, Comcast "help sites" with this phone number, they are back in business.
After much searching on the Yahoo site, I discovered, Yahoo does NOT have a Customer Service number. Any help is done online, which is problematic to me since I have no way of knowing who has access to my inquiries regarding security.
Scary indeed. At the expense of revealing my ignorance regarding online security, here's what happened to me. I went into Yahoo Personal Info/Account Settings and superimposed on my avatar is a folder icon. I clicked on it and my entire hard drive showed up. Without consulting my young son who later explained the HD access was a way to upload an avatar image, I started searching for a Yahoo customer support number because I assumed other's could access my HD the same way. I couldn't find a customer service phone number within the Yahoo site, so I did a search and found a link with an 800 number for "Yahoo Customer Service". I called it and they asked for my email, name and BD. I gave them the first too, but not the BD because by the third question, I was beginning to suspect they were not legit. Next, I was told I had been hacked by someone in Russia and they could secure my account for $149. The bells went off, and I said, "I don't want to sound rude, but THIS sounds like a scam." SILENCE. He hung up on me. So, I gave away my Yahoo email and my name. Hopefully, it is not enough to do harm. I'm wondering if I should ditch my Yahoo email address altogether or change it or ignore the fact a scammer has it. Suggestions are very much appreciated.The only suspicious thing is that my My Account/Preferences/Locations and Languages/Favorites shows a bunch of international cities (which I haven't been to). Does anyone know what this list is? It's not where Yahoo thinks I'm logging in from is it? Because if that's what this is, then there's people from around the world that have been in my account. Scary!
The next morning, I went back to the link that proved to be a scam and the account was closed. The same phone number was used as a customer service number for HP, AT&T, AOL, Comcast etc. Those links had closed accounts as well.
Now, if I go to the bogus Yahoo Customer Service link, it says:
"Forbidden
You don't have permission to access / on this server.
Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request."
And if I check on the HP, AT&T, AOL, Comcast "help sites" with this phone number, they are back in business.
After much searching on the Yahoo site, I discovered, Yahoo does NOT have a Customer Service number. Any help is done online, which is problematic to me since I have no way of knowing who has access to my inquiries regarding security.
Last edited by teacher on Thu Oct 06, 2016 1:37 pm, edited 1 time in total.
Re: [500 million Yahoo accounts hacked, what should you do?]
By the way, I would like to change my email address for the Bogleheads website from Yahoo to Gmail. How is that done?
Re: [500 million Yahoo accounts hacked, what should you do?]
Click on your name/avatar in the upper right corner of this page >> User Control Panel >> Profile >> Edit account settings. Change your email, enter your password, and submit.teacher wrote:I would like to change my email address for the Bogleheads website from Yahoo to Gmail. How is that done?
Re: [500 million Yahoo accounts hacked, what should you do?]
THANKS, Duckie!