My email got hacked, need advice

I have a Yahoo email address which I've had for years. My wife called me last Thursday afternoon saying she'd just got a spam email from that account. No problem, I reset my password & all is good, right?

Wrong. I just went to check my email & received a message my password was incorrect. Now I know what the new password was, so I guess it got hacked again???

I went through their lost password procedure & chose "my account has been compromised", and reset my password again. But is there anything else I cen do to prevent future problems?

Gmail

Use a pass pharse with mixed case letters, numbers, and special characters. Obviously share with no one. Make it as long as they allow...

Be a little careful with the return address in the email your wife got. It is possible that it didn't come from your account at all. To keep it at a high level since I don't know how technical you are, it's not that hard to fake the "from" field. You will need to take a look at the header information to see where it exactly came from if you want to make sure. It still is worth a look in your sent mail as well, even though there is some malware that will delete what has been sent.

1st!!!! Run a full AV / Malware scan on your computer

then:

http://www.pctools.com/guides/password/

and change your security questions.

I've been through this 3 times with Yahoo in the last year - and I was actually paying for their primo service. I even exchanged emails with their auto,ated email support service for 2 months without getting any real person to email me, even though I pleaded for it in every email.

I'd been a paying customer for 7+ years and they can't even email me something that's not a chain letter? berkeley them. I'm on gmail now.

Oh, and all the security stuff mentioned above is a good idea too.

I had it happen to me two weeks ago. I changed my p/w and it hasn't happened again,...yet. I'm not going to be happy about changing my email address...

it seems like yahoo itself has been hacked, i got a spam email from a friend's yahoo account this morning.

i think this happens a lot more than email providers would like to let on. a couple years ago google claimed that the chinese were trying to hack them, but didn't succeed, but somehow my email got hacked and someone ordered a pricey laptop with my paypal

Thanks! Yes, it was still in my sent folder, so who/whatever did somehow hack it.

I wasn't too worried until last night when my password somehow got changed.

In reply to Datsun1500:

How does it work if you want to access something from another computer?

Is this software on your computer or a web based application?

Same happened to me...saw a couple of obvious spam messages in the sent items folder.

Did you have this account linked to Sony PS3 account? I did - I think that is where I was compromised.

Make sure they haven't changed/reset your email address that Yahoo uses to communicate with you.

My gmail was hacked by some tosser in Austria earlier this year. Luckily gmail detected "abnormal activity" and locked the account. I had to reactivate my email by sending them my cell phone number and entering the password they texted me. They monitor account activity and you can view the ip address and city of origin of the last 10 or so logins. I have Identity Guard and have not detected any credit activity or other hacking. I changed all my vital passwords as a precaution.

Datsun1500 wrote: They have a cloud option, synced through dropbox from what I remember.

Which is frightening considering they are relying on DropBox's security:

http://news.cnet.com/8301-31921_3-20072755-281/dropbox-confirms-security-glitch-no-password-required/

+1,000,000 to the pass phrase password solution. I would also add that they need to be changed at least once a year, if not once a quarter.

DO NOT USE THE SAME PASSWORD FOR EVERYTHING. If one password gets cracked (which is possible if it isn't a passphrase or the site's security sucks or they just log your key strokes by getting on your system) then they won't have the keys to the castle.

Datsun1500 wrote: I use a program called 1 password. It automatically generates random letters/numbers for passwords and stores them. When you want to log in somewhere you open one password to do it.

I'm using Roboform - a similar password generator/ form fill program. They have a cloud version that costs $10/year and is accesible from any browser. They use their own sync system and run 128bit encryption. I'm very happy with it so far.

There seems to be a lot of people with hacked yahoo accounts. I'm getting several spams now from yahoo accounts of people I know. Has anyone figured out what is causing it/how to stop it?

What's causing it? Someone in Southeast Asia has figured out all of Yahoo's security tricks. Seriously.

Both me and Mrs. Neon just had our Yahoo mails hacked. Our accounts are sending out spam about our "financial issues" with links...

Time to change my password and look at getting Gmail. I just don't want to have to swap everything over.

If it got compromised that easily, It's entirely possible you've got malware keyloggers on at least one of your rigs. I'd do whatever guy that said do AV stuff said to do.

FWIW, I haven't had any more problems with my email.

Also use Google's two-stage authentication.