Yahoo email account passwords stolen

There was a major security breach involving Yahoo email users who had their information and passwords stolen.
January 30, 2014 12:00:00 AM PST
There was a major security breach involving Yahoo email users. Their usernames and passwords have been hacked and Yahoo is not revealing how many of its 273 million users are affected. ABC7 News looks into what you can do to protect yourself.

The only reference you will find to the latest Yahoo email security breach is on the company's blog. Yahoo admits hackers used malware to steal user names and passwords to access email accounts.

"Here's the scary thing, they should have at least known of the breach," said Tech analyst Rob Enderle.

Enderle thinks Yahoo was under-secured and still probably doesn't know exactly how this happened. Yahoo itself hasn't said how many customers are affected. Still, this breach could lead to identity and bank account theft, since people often use their email address as their user ID on other accounts.

"The potential liability and damage to Yahoo's brand if a lot of people are hurt would be immeasurable," said Enderle.

This breach is now the second problem in two months for Yahoo. In December the company had a massive email outage that lasted for days.

Many Yahoo email users didn't even know about the compromised accounts. No official notification went out to all users.

"I think that's negligent on their part... to not say anything," said Doug Ahlquist of San Jose.

"I use it for pretty much everything. So I'm really concerned. I'm worried that people have all of my data going back years," said Kristie Ramirez of San Jose.

Ramirez is a long time Yahoo user. As soon as we told her about the breach, she changed her password on the spot. Experts recommend that everyone do the same.

Yahoo said in a blog post on its breach that "The information sought in the attack seems to be names and email addresses from the affected accounts' most recent sent emails."

That could mean hackers were looking for additional email addresses to send spam or scam messages. By grabbing real names from those sent folders, hackers could try to make bogus messages appear more legitimate to recipients.

Yahoo said it is resetting passwords on affected accounts and has "implemented additional measures" to block further attacks. The company would not comment beyond the information in its blog post. It said it is working with federal law enforcement.

The Associated Press contributed to this report.

Load Comments