My wife started sending me emails about male enhancements around 3am Saturday morning. I first took slight offense to this but quickly realized they were addressed to everyone in her address book. Her Yahoo email account had been hacked.
We updated her account password, alerted Yahoo security via a basic form on the Yahoo site, and added a "sign-in seal" to the account.
But really, this should not have happened in the first place. There's a page in the Yahoo accounts menus that shows you the last 20 or so places you've logged in from. There's a bunch from our hometown and then a couple in France. She's never logged into Yahoo from France. Ever. Shouldn't Yahoo be throwing a red flag on that and displaying some of the maiden name, first pet name questions?
The other disappointing piece of this is that there's no "sign me out of everywhere" button, you can only opt to be signed out every day.
This is really terrible security. I haven't forced her to switch to Gmail yet but I probably will strongly urge her to do so in the coming weeks.
- Gmail has two factor authentication which practically eliminates this.
- Gmail has a button to sign you out everywhere
- I *think* Gmail has something if you're logging in from a different country ( but I'm not positive on that )