Yahoo hack: What do you do if your account was hacked?

Yahoo announced Thursday that at least half a billion people had their email accounts hacked in late 2014. In a press release, Yahoo said a “state-sponsored actor” was responsible for the theft – meaning, likely, Russia or China.

If you’re looking for some good news in this situation, here it is: the hackers did not get into everyone’s account. Thankfully, Yahoo protects accounts with “hashing,”  a type of cryptography that is used to protect passwords, so there is a chance the hackers missed you.

However, those of us who use common passwords – looking at you “12345” – are less likely to have escaped unscathed.

Not only are Yahoo email accounts at risk, but Yahoo also owns Flickr and some of those accounts could have been hacked. Yahoo owns Tumblr, too, but they say no Tumbler accounts were affected.

 So, whether you know if you’ve been hacked or not, here’s what you need to know and need to do if you have a Yahoo account.

1. Change your password – It seems like a closing-the-barn-door-after-the-horse-is-out moment, but not really. Change your account password in case you were not hacked and to stop anyone who has your password from getting back in. Do that now.

2. While we are on that subject, do not use the same password for other accounts. Using “password1” for everything is like opening gifts on Christmas to a hacker.  

    How do you come up with a secure password? Check this method. It’s a bit of work, but it will be worth it. Yahoo also suggests you enable two-factor authentication (2FA) – a two-step verification process that requires a password and username plus some other bit of information to get into an account.

       Check here for a list of websites that support 2FA. 

      3.  If you have been hacked, Yahoo will notify you and will invalidate unencrypted security questions and answers. So those questions about the color of your first car, or your mother’s maiden name won’t work soon. By the way, you should make up not-so-common answers for those questions, too.

        From Yahoo, here are the signs of a hacked account and what to do.

        Signs your account has been hacked

        • Your account information has changed without your knowledge. 
        • You aren't receiving expected emails.
        • Your Yahoo Mail account is sending spam.

          What to do now

          Stop your account from sending spam

            Receiving spam is one thing. Getting reports of spam coming from your account is another. If your account's been hacked to send spam, you can fix it! The fastest way to stop your account from sending spam is to secure your account by creating a new, strong password or enabling Account Key. 

            Report a forged (spoofed) email

              Forged messages are emails that appear to be sent from your email address, but they're actually sent from an entirely different email account. If your Yahoo Mail is secure, but people are still getting spam that looks like it comes from your address, it's probably a forged, or "spoofed," email.

              1. View the full header of the email in question.
              2. From the last Received line of the full header, take note of the originating IP address.
                - This corresponds with the sender's Internet Service Provider (ISP).
              3. Conduct an IP lookup through a site like to determine which ISP provides the sender with Internet access.
              4. Contact the sender's ISP to request that appropriate action be taken.

              Email providers can't prevent such forgery, but if fraud is identified, action can be taken.

              Review your Yahoo Mail settings

              • Delete email contacts that you don't recognize.
              • Delete linked Mail accounts that you don't recognize or control.
              • Change your password on any linked accounts that you control.
              • Make sure your vacation response is turned off. 
              • See if someone else has been accessing your account.

              Other commonly changed Yahoo Mail account settings:

              • Signature
              • Sending name
              • "Reply-to" address
              • Mail Forwarding
              • Filters
              • Banned Addresses

              Restore missing email, IMs, and Contacts

              If you're missing emails, IMs, or Contacts, it's possible that you can restore your lost or deleted email and IMs. You may also be able to recover lost contacts.

              Check your computer for malware

              Malware can corrupt your system and capture sensitive information, like passwords and bank account numbers. There are several anti-malware programs you can find online that detect and remove malware on Macs and PCs. 

Reader Comments

Next Up in News

Grocer, food service distributor hiring in Butler County
Grocer, food service distributor hiring in Butler County
Two Butler County-based food businesses are serving up nearly 200 jobs.Jungle Jim’s International Market is looking to hire 190 employees between its...
Charges approved for Kettering home invasion suspect
Charges approved for Kettering home invasion suspect
A day after being released from a 12-month prison sentence, a Kettering man allegedly broke into a Kettering home and assaulted an adult female...
Boy, hoping to dine on 'squirrel dumplings,' brings dead squirrel to school
Boy, hoping to dine on 'squirrel dumplings,' brings dead squirrel to school
An 8-year-old Oklahoma boy surprised his mom, his teachers and his elementary school principal when he told them he put a dead squirrel in his...
Clark County Municipal Court cases
Clark County Municipal Court cases
CASES CALLED WEDNESDAY INCLUDED:Amber Adkins, 24, of South Charleston, child endangering amended to attempted child endangering, guilty, 30 days jail...
Superintendent says worker who resigned over ‘lunch shaming' never told to take away student's lunch
Superintendent says worker who resigned over ‘lunch shaming' never told to take away student's lunch
Canon-McMillan School District Superintendent Michael Daniels spoke with WPXI on Thursday to clear up what he calls misinformation concerning a...
More Stories

You have reached your limit of free articles this month.

Enjoy unlimited access to

Starting at just 99¢ for 8 weeks.


  • ePAPER

You have read of free premium articles.

Get unlimited access to all of our breaking news, in-depth coverage and bonus content- exclusively for subscribers. Starting at just 99¢ for 8 weeks.


Welcome to

This subscriber-only site gives you exclusive access to breaking news, in-depth coverage, exclusive interactives and bonus content.

You can read free articles of your choice a month that are only available on