What to do if you have a hacked Yahoo email account

Yahoo has a shockingly shoddy history of security lapses, with more than 1 billion user accounts compromised. At this point, everyone who has a Yahoo email account should assume two things: Your account has been compromised, and it is no longer safe to use now and into the future.

Yahoo's shockingly shoddy history of security lapses

Updated 4/10/17: Yahoo now says that all 3 billion users were compromised in 2013, up from the 1 billion accounts previously listed.

In 2016, Yahoo revealed that 500 million accounts had been breached in late 2014, with personal information like names, email addresses, phone numbers, birth dates, answers to security questions, and cryptographically protected passwords being stolen.

Yahoo had apparently been aware of the breach last August when cybercriminal “Peace” advertised the sale of 200 million Yahoo users’ information on the dark web. Yet, the company didn’t issue a password reset or an official announcement until late September.

Last December, Yahoo once again announced that it’d found a previously undetected breach of data from 2013 of more than 1 billion user accounts. This was a separate and distinct hack from the one before.

It didn’t end there. Just last week, Yahoo warned that some users may have had their accounts hacked as recently as last year, not just in 2013 or 2014.

News outlets like Recode, the New York Times and Business Insider have sources revealing a dysfunctional attitude at Yahoo toward security issues, which were “pushed down, dismissed, or out-and-out ignored.”

 

What to do if you have a Yahoo email account?

At this point, everyone who has a Yahoo email account should assume two things: Your account has been compromised, and it is no longer safe to use now and into the future.

Here’s what I’d suggest you do if you have a Yahoo email account:

  • First, we’re going to secure it.
  • And secondly, we’re going to pivot away from it.

(I explain why you shouldn’t simply delete your Yahoo account in the later part of this article.)

Note: I realize there’s a chance you might just read this post and forget about it. If nothing else, I strongly suggest you skip all the way to the end of this article and change your password recovery address away from Yahoo. That alone will save you a lot of potential heartache and trouble.

 

How to secure your Yahoo email account


1. Change your password immediately

If you haven’t already done so, change your password immediately to lock out anyone who might have access to your account. Do it again even if you had already changed your password after the news of the previous breaches from 2013-14, because of the new breaches that may have happened just last year.

Make your new password different from your previous one. If your previous password was ‘password123,’ for example, don’t use ‘123password.’

The easiest way to make a strong password is to use a password manager, which I highly recommend. If not, here’s one method to help you create a stronger password. Whatever you do, never use these 25 passwords.


2. Turn on two-step verification on your Yahoo account

Two-step verification adds another layer of security to your Yahoo account, by requiring a special code that’s sent to your personal device to unlock your Yahoo email account.

Here’s how to do it.




How to move away from your Yahoo email account

Yahoo’s record of hacks is enough to make anyone lose confidence in its present and future ability to keep your data safe.

That’s why I’d suggest you move away from your Yahoo email account if you use it as a primary address. From now on, treat it as an insecure ‘throwaway’ address that you hardly use.

At the same time, I’d recommend that you not delete your Yahoo email address, even though that seems like the easiest way to pivot away from a Yahoo account. That’s because Yahoo recycles inactive email addresses back to the public for new registrations (to be fair, Microsoft does that too).

If you’ve been using your Yahoo email address for a while, you don’t want people sending emails meant for you to a stranger who grabbed your recycled address. That’s why I suggest you take the time to secure your Yahoo account, even though you’re not going to use it anymore. Keep it, but move away from it.

 

1. Sign up for a new primary email address elsewhere

If you don’t already have one, sign up for a new primary address elsewhere, like Google’s Gmail or Microsoft’s Outlook. If you’re a little more tech-savvy, you can even consider email services like Fastmail or Proton Mail.

 

2. Export your email and contacts

If your Yahoo emails and contacts are important to you, you can export them to your new primary address.

Here’s how to import your Yahoo emails into Gmail.

Here’s how to import your Yahoo emails into Outlook.

 

3. Delete the emails and contacts in your Yahoo account (optional)

Given Yahoo’s bad history of security breaches, I’d suggest you treat your Yahoo account as insecure from now on. Consider that hackers can and will get access to your Yahoo emails now and in the future, if they haven’t done so already.

If you have sensitive emails and attachments in your Yahoo account, I’d suggest you delete them. Remember to empty the trash too.

If you still want to keep these emails, see the previous step on how you can export them to your new primary address, and check that those emails have been safely ported over before deleting anything.

If there’s nothing terribly sensitive or important in your emails, then you can either consider deleting them or leave them intact.

 

4. Change your password recovery address away from Yahoo

If you only do one thing from reading this, I highly recommend you do this. If you have any vital accounts, like Facebook, iCloud or Dropbox, that use your Yahoo email account as the main address, change it immediately to another email address.

The reason is that if someone has access to your Yahoo email account, he or she can easily go to other common services and request a password reset. That password reset will go to your Yahoo address, in which case your hacker can reset the password and gain access to another one of your accounts.

Go through your key accounts — especially those that have your credit card details — and check if you’re using your Yahoo email address as the main login and contact address. If so, switch it to your new primary address. A list of common services includes Amazon, Dropbox, Facebook, Google, iTunes, Twitter.

Is all this necessary or are you just overreacting?

I realize there’s quite a bit to do here, but unfortunately, Yahoo’s security lapses give us no reason to continue using its email service. With more than 1 billion accounts breached, your personal details, including your email and passwords, are more than likely in the wild right now. The damage, whether you like it or not, has already been done.

Bookmark this page and spend an hour or two to contain that damage. If you find this guide useful, share it with your friends who also have Yahoo accounts.
