Monday, August 27, 2007

How To Regain Access to Your Yahoo Account After It's Been Hacked

Exactly one week ago today my Yahoo account was hacked into and the password was changed. That meant I could no longer access it. Since then I've been trying to figure out what to do about it. I immediately notified Yahoo by email (via the instructions they provide for such things). And I've been waiting to hear back from them ever since (some message boards indicated that this could take up to a week). Today I got fed up and started searching for phone contact information for Yahoo so I could follow up on what if anything has been done.

It wasn't easy to find additional contact information for Yahoo but I did finally come across a phone number. I called the number and much to my surprise the call was answered immediately, by a human being (OK, he had a foreign accent and was a little hard to understand... but still, he was human!). I explained that I've been waiting a week to hear from them and the person I spoke to apologized and said he would help me reset my password. He checked into the account and asked me a series of questions to establish who I was and then immediately sent me an email with a temporary password to my backup email address. I was able to instantly get into my account and reset the password... and then the horror began.

My inbox was FULL of emails from people who were responding to my "winning bid" on eBay. As it turns out, the hacker was using my eBay id and Yahoo email account to shield his fraudulent activity. He bid on items (all electronics, from home theater systems, to laptop computers, to cameras and PDAs) then sent emails to the sellers indicating that he'd made his payment and requested the items be sent to his daughter's address in Nigeria. I was just sick by what I saw. There were over a hundred emails of back and forth correspondence with sellers. I didn't read every email but of the ones I read, no one had fallen for this rouse. The total amount of items the hacker had bid on and won in the last week was just under $7,000.

So next I checked my PayPal account to see if he'd gotten access to that account as well. I didn't think he had because I've been monitoring my credit card accounts to see if I was becoming the victim of ID theft (I didn't see any unauthorized use of my cards so I didn't think this was the case, but still, you never know). My PayPal account is not "verified" so I didn't have to worry about my bank account being accessed. I didn't remember having any account numbers sent to the Yahoo email address but I've had it for about 10 years... long before hackers and phishers became the threat they are today. I can't remember what might have been sent to that account 8-10 years ago. Anyway, my PayPal account looks fine. It turns out my credit card had expired and I didn't realize it, so he couldn't use it either :-) Sometimes a lapse of memory is a good thing!

Next I contacted eBay via their Live Chat. I explained the situation and waited while they looked into it. It took several minutes but they responded that they were already taking steps to deal with the fraudulent activity on my account. They sent me an email with a temporary password and instructed me to immediately login and change it. They also told me that they would take what steps were necessary to repair my reputation on eBay (as you can imagine, there were a lot of people angry with me when they realized that I didn't actually pay them). I assume that meant they would change my rating to eliminate the negative comments made by irate sellers.

So at this point I'm giving a big sigh of relief. It seems like my eBay reputation is all that has been compromised and hopefully that won't be for long. I'll keep monitoring my accounts for unauthorized activity but I'm thinking this particular hacker was just looking for an email account for his eBay scam. All of the email folders and contents that were there when the account was hacked still seem to be intact. Thank goodness for that. And now that I have changed my password and can access the account again I can go back to using my old Yahoo address. So any of you who have emailed me in the past can once again use the email address you have on file for me.

Lessons learned: If you suspect your Yahoo account has been hacked...
  1. Go to another computer, or at least a different browser, and try to login to your account.
  2. Assuming you can't get in, don't bother looking for Yahoo's preferred method of contacting them (they never did respond to my initial email alerting them of my problem). Instead, contact their Account Verification department - open 7 days a week from 6am - 6pm Pacific Standard Time. They can verify you over the phone and answer any additional questions you have about your account. The Account Verification Department can be reached at: 866-562-7219 *Press Option 2, then Option 2 again for password assistance.
The gentleman I spoke with at Yahoo couldn't have been nicer... a little easier to understand, yes, but nicer, no. It's a shame that Yahoo doesn't give these simple instructions out on their web site in an easy-to-find place. I assume that's because they don't want to be bombarded with phone calls. But so many people were needlessly made a part of this hacker's scam due to Yahoo's poor method for dealing with a hacked email account. I was online when the email came in letting me know my account password had been changed. If I could have gotten this contact info for Yahoo in the first few hours it would have made all the difference and stopped the hacker in his tracks before his did his damage. Oh well. Lessons learned.

11 comments:

  1. Absolutely incredible! So sorry this happened, Jasia!

    ReplyDelete
  2. Thanks Miriam. I'm just glad it's behind me (at least I hope it is).

    ReplyDelete
  3. whew. condolences. congrats. linked to and posted.

    ReplyDelete
  4. Hi, Jasia,

    Glad you got it settled. A few years ago, I had a domain problem and it took forever to get to a human being - although I finally got through and the problem was fixed. Yahoo does not make it easy for their customers to phone in. So double good for you in pursuing this.

    ReplyDelete
  5. Jasia:

    I have felt for you. I once had my email taken over and hundreds of thousands of messages sent under my name selling Viagra.

    Each day I was getting several hundred returns as well as people yelling at me!

    Not anything as bad as your situation. I am so sorry for you and I hope it's all over, baby.


    fM

    ReplyDelete
  6. Thanks for your comment fM. It really does help to know I'm not the only victim out there. I'm sorry for what you had to go through though. I wouldn't wish that on anyone. Well, maybe someone at Ancestry ;-)

    ReplyDelete
  7. I see that I am not the only one who has a nightmare with Yahoo.I was hacked and the hacker went into my address book and started sending out emails to people saying that I was on a research project in the UK and someone robbed my hotel room and took my " mobile" phone. Asking to send $1850 to a western union with a street address. This took place before 8/12/07 and I reported it to Yahoo and todate[ 9/6/07] I still can not get Yahoo to help me because the hacker has changed my information [ I believe my security question & answer as well] I have gotten to the point where I believe I need an Attorney to deal with Yahoo and the problem. Does anyone have any suggestions on a Attorney? I never gave anyone but Yahoo my pass word . Tony

    ReplyDelete
  8. Hello fm, sounds like you had the same rough time as I. You have my empathy and understanding. I called a number in Sunnyvale,Ca. and still got the same run around as you but the polite voice on the other end would not help me. I asked to speak to someone of authority and was told there was no one there to talk to but Mickey, the CSRep. I am still unable to sign in. I am at my wits end. gaetano

    ReplyDelete
  9. The EXACT same thing minus the ebay bit happend to me. The SOB sent me an IM from someone on my friends list wanting me to click a link to view pics he then changed my password locking me out and stole pictures off my computer. I have no idea what else was stolen since all this happend about 24 hours ago but so far I haven't seen anything charged to my credit or debit accounts. Some people are just sick!

    ReplyDelete
  10. THANK YOU SO MUCH for posting this information on here! I had a very similar experience a little over a week ago, and it took me six days of wrangling with Yahoo! including them basically giving up on me before I came across your info, the phone number you posted and the options to select. After a brief conversation, and a few attempts, I finally got access to my account back. What a difference speaking to someone LIVE makes! Your post definitely was an early Christmas gift, and made such a huge difference and massive weight off my shoulders. Once again, THANK YOU VERY MUCH!!!

    Sincerely,
    Kyle

    ReplyDelete
  11. Well, apparently, I just have a serious case of permanent bad luck. I have tried multiple times to get an understanding person on the line, but to no avail. A while back, a spambot hacked my acct thru Yahoo msgr (had a pop-up iM with a pw-stealing link, I went to get rid of it but clicked the linked accidentally instead of the X) and then changed all my info, and I've been locked out of my acct ever since!

    And no matter how many times I try to explain my situation to someone @ Yahoo, they just repeatedly quote "blah blah we have to do a verification *process* blah blah" instead of actually *listening* to what I have to say. Which is, that I have clear and concrete proof that my account is mine and has been ever since March 1999, and you can even SEE the proof here: http://web.archive.org/web/20050829183053/http://profiles.yahoo.com/SimbiAni I am STiLL reachable at both that email and the #! How much more obvious can you get?? AND I can access my groups from my email as well- I even still get group msgs!

    But no one cares, it's all, "what's the info you signed up with??" over and over again. Excuse me for forgetting some random info from over a decade ago, but I would still like to save my GeoCities site before it is poofed into nothingness! Do they not have the power to already kno the info on the acct without me having to tell them? Sigh. Whatever.

    Thanks for the number anyways! (I actually got it off another site, but was Googling it for other ppls' experiences)

    ReplyDelete