Monday, August 27, 2007

How To Regain Access to Your Yahoo Account After It's Been Hacked

Exactly one week ago today my Yahoo account was hacked into and the password was changed. That meant I could no longer access it. Since then I've been trying to figure out what to do about it. I immediately notified Yahoo by email (via the instructions they provide for such things). And I've been waiting to hear back from them ever since (some message boards indicated that this could take up to a week). Today I got fed up and started searching for phone contact information for Yahoo so I could follow up on what if anything has been done.

It wasn't easy to find additional contact information for Yahoo but I did finally come across a phone number. I called the number and much to my surprise the call was answered immediately, by a human being (OK, he had a foreign accent and was a little hard to understand... but still, he was human!). I explained that I've been waiting a week to hear from them and the person I spoke to apologized and said he would help me reset my password. He checked into the account and asked me a series of questions to establish who I was and then immediately sent me an email with a temporary password to my backup email address. I was able to instantly get into my account and reset the password... and then the horror began.

My inbox was FULL of emails from people who were responding to my "winning bid" on eBay. As it turns out, the hacker was using my eBay id and Yahoo email account to shield his fraudulent activity. He bid on items (all electronics, from home theater systems, to laptop computers, to cameras and PDAs) then sent emails to the sellers indicating that he'd made his payment and requested the items be sent to his daughter's address in Nigeria. I was just sick by what I saw. There were over a hundred emails of back and forth correspondence with sellers. I didn't read every email but of the ones I read, no one had fallen for this rouse. The total amount of items the hacker had bid on and won in the last week was just under $7,000.

So next I checked my PayPal account to see if he'd gotten access to that account as well. I didn't think he had because I've been monitoring my credit card accounts to see if I was becoming the victim of ID theft (I didn't see any unauthorized use of my cards so I didn't think this was the case, but still, you never know). My PayPal account is not "verified" so I didn't have to worry about my bank account being accessed. I didn't remember having any account numbers sent to the Yahoo email address but I've had it for about 10 years... long before hackers and phishers became the threat they are today. I can't remember what might have been sent to that account 8-10 years ago. Anyway, my PayPal account looks fine. It turns out my credit card had expired and I didn't realize it, so he couldn't use it either :-) Sometimes a lapse of memory is a good thing!

Next I contacted eBay via their Live Chat. I explained the situation and waited while they looked into it. It took several minutes but they responded that they were already taking steps to deal with the fraudulent activity on my account. They sent me an email with a temporary password and instructed me to immediately login and change it. They also told me that they would take what steps were necessary to repair my reputation on eBay (as you can imagine, there were a lot of people angry with me when they realized that I didn't actually pay them). I assume that meant they would change my rating to eliminate the negative comments made by irate sellers.

So at this point I'm giving a big sigh of relief. It seems like my eBay reputation is all that has been compromised and hopefully that won't be for long. I'll keep monitoring my accounts for unauthorized activity but I'm thinking this particular hacker was just looking for an email account for his eBay scam. All of the email folders and contents that were there when the account was hacked still seem to be intact. Thank goodness for that. And now that I have changed my password and can access the account again I can go back to using my old Yahoo address. So any of you who have emailed me in the past can once again use the email address you have on file for me.

Lessons learned: If you suspect your Yahoo account has been hacked...
  1. Go to another computer, or at least a different browser, and try to login to your account.
  2. Assuming you can't get in, don't bother looking for Yahoo's preferred method of contacting them (they never did respond to my initial email alerting them of my problem). Instead, contact their Account Verification department - open 7 days a week from 6am - 6pm Pacific Standard Time. They can verify you over the phone and answer any additional questions you have about your account. The Account Verification Department can be reached at: 866-562-7219 *Press Option 2, then Option 2 again for password assistance.
The gentleman I spoke with at Yahoo couldn't have been nicer... a little easier to understand, yes, but nicer, no. It's a shame that Yahoo doesn't give these simple instructions out on their web site in an easy-to-find place. I assume that's because they don't want to be bombarded with phone calls. But so many people were needlessly made a part of this hacker's scam due to Yahoo's poor method for dealing with a hacked email account. I was online when the email came in letting me know my account password had been changed. If I could have gotten this contact info for Yahoo in the first few hours it would have made all the difference and stopped the hacker in his tracks before his did his damage. Oh well. Lessons learned.