Email hack attempt failed. Make changes anyway?

Discussion in 'Community Discussion' started by GanChan, Oct 5, 2012.

  1. GanChan macrumors 6502a

    Joined:
    Jun 21, 2005
    #1
    I have a Yahoo account with a super-strong password. In addition to my two Yahoo email addresses, the account is connected to my Google Mail (which also has a super-strong passord) and my home internet provider's web mail (relatively weak password, but will change that).

    Today my mobile phone, Yahoo mailbox and personal webmail box all notified me that "your account activity shows that you tried to recover your account password for Yahoo! ID [personal email handle]." From a glance at my account activity, I don't see any successful logins by anyone other than myself, so I'm assuming the attempted hack failed.

    I've gone in and added 2nd verification just to beef things up further. Anything else I need to do, or should I count on the super-strong password and 2nd verification to do the job?
     
  2. snberk103 macrumors 603

    Joined:
    Oct 22, 2007
    Location:
    An Island in the Salish Sea
    #2
    I don't know Yahoo at all... so this is just 'brainstorming'....

    Look at the wording of the message carefully. There is a difference between "attempted to recover" and "successfully recovered". I don't know what wording Yahoo uses in each case, but you should be able to figure it.

    In the 1st case, someone may have attempted to recover your password by hoping that you had used "Golden Spaniel" as name of your 1st school (or whatever the security question was). In which case your password is still perfectly safe. It is just as unknown now as it was before the attempt.

    If the wording seems to indicate that the password was recovered, then you need to change them now. Pronto. Before the hacker can change it on your behalf. But the wording seems to show it was merely an attempt. It could have been someone with a similar name who had mistyped their username and trying to figure out why their password didn't work.

    However, if you get more notices like this... I would be worried, not about the password, but the security question(s) - if that is the way the account is secured. It may mean that someone thinks they know enough about you to guess the answer(s). You might want to review those, and ensure they are obscure enough. As well, if they think they can reset the password then they also believe they have access to the email account that the new password will be sent to.

    But... I suspect, if there is just one notice, that it was someone trying to figure out why their password didn't work after they mistakenly typed your ID instead of theirs.
     
  3. GanChan thread starter macrumors 6502a

    Joined:
    Jun 21, 2005
    #3
    Yeah, it specifically said "tried to recover your password," which tells me that the password itself was not breached successfully. My secret questions would not answerable by the general public. Hopefully the 2nd verification step I just added will make things even more secure.

    I've created a new, strong password for the linked personal webmail account. I've also disconnected the link to Gmail.
     
  4. TedM macrumors 6502

    Joined:
    Sep 19, 2012
    Location:
    California
    #4
    Careful son. Occasionally when targeted with Phishing programs hackers use this to make sure you reset your password. They they know it due to maleware on your computer. Check your computer for spyware first then probably change it.
     
  5. GanChan thread starter macrumors 6502a

    Joined:
    Jun 21, 2005
    #5
    Just to be safe, I also replaced my super-strong password with another equally strong password, changed all my passwords on various critical sites, removed all my aliases and alternate email addresses (Yahoo can still contact me by mobile phone if necessary), and changed my security questions. That'll learn 'em.:cool:
     
  6. snberk103 macrumors 603

    Joined:
    Oct 22, 2007
    Location:
    An Island in the Salish Sea
    #6
    Or, it was just someone with a similar user ID, trying to figure out why their password stopped working..... :)

    .... it's that damn caps lock key, at it again....
     

Share This Page