Email hack attempt failed. Make changes anyway?

GanChan

macrumors 6502a
Original poster
Jun 21, 2005
600
25
I have a Yahoo account with a super-strong password. In addition to my two Yahoo email addresses, the account is connected to my Google Mail (which also has a super-strong passord) and my home internet provider's web mail (relatively weak password, but will change that).

Today my mobile phone, Yahoo mailbox and personal webmail box all notified me that "your account activity shows that you tried to recover your account password for Yahoo! ID [personal email handle]." From a glance at my account activity, I don't see any successful logins by anyone other than myself, so I'm assuming the attempted hack failed.

I've gone in and added 2nd verification just to beef things up further. Anything else I need to do, or should I count on the super-strong password and 2nd verification to do the job?
 

snberk103

macrumors 603
Oct 22, 2007
5,503
87
An Island in the Salish Sea
I don't know Yahoo at all... so this is just 'brainstorming'....

Look at the wording of the message carefully. There is a difference between "attempted to recover" and "successfully recovered". I don't know what wording Yahoo uses in each case, but you should be able to figure it.

In the 1st case, someone may have attempted to recover your password by hoping that you had used "Golden Spaniel" as name of your 1st school (or whatever the security question was). In which case your password is still perfectly safe. It is just as unknown now as it was before the attempt.

If the wording seems to indicate that the password was recovered, then you need to change them now. Pronto. Before the hacker can change it on your behalf. But the wording seems to show it was merely an attempt. It could have been someone with a similar name who had mistyped their username and trying to figure out why their password didn't work.

However, if you get more notices like this... I would be worried, not about the password, but the security question(s) - if that is the way the account is secured. It may mean that someone thinks they know enough about you to guess the answer(s). You might want to review those, and ensure they are obscure enough. As well, if they think they can reset the password then they also believe they have access to the email account that the new password will be sent to.

But... I suspect, if there is just one notice, that it was someone trying to figure out why their password didn't work after they mistakenly typed your ID instead of theirs.
 

GanChan

macrumors 6502a
Original poster
Jun 21, 2005
600
25
Yeah, it specifically said "tried to recover your password," which tells me that the password itself was not breached successfully. My secret questions would not answerable by the general public. Hopefully the 2nd verification step I just added will make things even more secure.

I've created a new, strong password for the linked personal webmail account. I've also disconnected the link to Gmail.
 

TedM

macrumors 6502
Sep 19, 2012
356
2
California
I have a Yahoo account with a super-strong password. In addition to my two Yahoo email addresses, the account is connected to my Google Mail (which also has a super-strong passord) and my home internet provider's web mail (relatively weak password, but will change that).

Today my mobile phone, Yahoo mailbox and personal webmail box all notified me that "your account activity shows that you tried to recover your account password for Yahoo! ID [personal email handle]." From a glance at my account activity, I don't see any successful logins by anyone other than myself, so I'm assuming the attempted hack failed.

I've gone in and added 2nd verification just to beef things up further. Anything else I need to do, or should I count on the super-strong password and 2nd verification to do the job?
Careful son. Occasionally when targeted with Phishing programs hackers use this to make sure you reset your password. They they know it due to maleware on your computer. Check your computer for spyware first then probably change it.
 

GanChan

macrumors 6502a
Original poster
Jun 21, 2005
600
25
Just to be safe, I also replaced my super-strong password with another equally strong password, changed all my passwords on various critical sites, removed all my aliases and alternate email addresses (Yahoo can still contact me by mobile phone if necessary), and changed my security questions. That'll learn 'em.:cool:
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.