How To Reset Your Password If Your Yahoo Account Is Hacked

A friend of a friend’s Yahoo account was hacked and now all the guy’s personal and professional contacts are getting emails saying that he’s stuck in Africa and needs to be wired money immediately. Here’s some solutions we found that might help him reset his password.

  • Call 866-562-7219, press 2, press 2. Be ready to provide DOB, date account was hacked, some details about the last emails you accessed, and the answer to your secret question.
  • Repeatedly email customer service at mail@cc.yahoo-inc.com
  • Email account-security-help@cc.yahoo-inc.com, in the subject line, put your old password.
  • Call 1-(408) 349-1572, tell them you’re a premium member (even if you’re not), they will transfer you to password department.
  • Have you ever gotten your Yahoo account hacked? How easy/hard was it to regain control of it?

    What You Can Do If Your Yahoo Account is Hacked [Castle Cops]
    (Photo: www.DaveWard.net)

    Comments

    Edit Your Comment

    1. abercrombie121 says:

      I got hacked, and never got control of it again

    2. mstanisl says:

      “Email account-security-help@cc.yahoo-inc.com, in the subject line, put your old password.”

      I think that if you are using your password (whether or not it is current for THAT account) as part of a subject line in an e-mail, you’re asking for more than your Yahoo! account to get “hacked”.

      Unless every single person reading this and actually using it as advice has a completely secure medium to transmit e-mail or connect to their IMAP server, you are putting your other accounts that you probably use the same password with, to be “hacked”.

      It’s no mystery that people are getting their accounts taken with practices like this.

    3. Buran says:

      Or switch to another service that can actually help you if something goes wrong.

    4. SJActress says:

      @abercrombie121:

      Same here. E-mailed consumerist about it. I’ve been trying to get it back since May 2007.

      The biggest problem is that they want the answer to your security question, but won’t tell you what the flipping question is!

      GRRRR!

      Going to try this though.

    5. BigNutty says:

      What a pain in the ass this is. I don’t have to worry too much though as no one would send money to bail me out of Africa or anywhere else including jail.

    6. darkclawsofchaos says:

      hmmm… too bad I use my email for other stuff, some are in a worse position like some passwords are actually emailed to those accounts,

    7. chiieddy says:

      Some years ago, someone took my ‘caffeine@yahoo.com’ ID. I was able to rescue some digital pictures from the photos.yahoo.com via right-click and save but never got access again…

      I think someone wanted to game with it on Yahoo games.

    8. quail says:

      Got to admit, that’s one thing I like is Yahoo aliases. If you go commenting within groups or answers your true identity isn’t out there for someone to try and take control over. Plus I only use Yahoo and hotmail email for sites that require registration.

    9. Kryndis says:

      Yahoo was totally unhelpful when it looked like my account had been hacked (as it turns out, there was some error on their end and the account started working again on its own days later). I tried to get them to reset my password, but despite having multiple forms of proof of my identification (including email records dating back for years, a credit card number that I had used in the past with Yahoo merchants, and the fact that the gap between my account working and then suddenly stopping working was only 10 minutes, meaning that any logs they had would have made it extremely clear what had happened if they had only bothered to check them), they refused to do anything because I apparently couldn’t remember the answer to my secret question. Yeah, my fault, but what can I say, I created the account more than 7 years ago.

      They quit responding to my emails so I started going in and purposely locking the account (it’ll lock for 24 hours for “security reasons” if you repeatedly try to reset your password with the wrong information on their form). I figured that at the very least I’d stop whomever had stolen the account from using it and maybe the repeated trouble would spur Yahoo to investigate more thoroughly or simply close the account altogether, which I decided was better than nothing. The friend might want to try this, at least it might put the brakes on the Africa money request spams for a while if he’s willing to make it a daily ritual. Even if it ultimately doesn’t get Yahoo to do anything hopefully the spammer will give up on the account after a week or two of inaccessibility.

      By the way, once I finally magically got access back I went to change my secret question and answer. Turns out you can’t do it through any form, you have to email customer service and you have to know your current question and answer to change it. I guess I’m SOL. At some point these Internet companies are going to have to figure out that it’s not the mid-90s anymore and that some of these accounts are getting to be 10 or 15 years old. People simply aren’t going to be able to remember some question and answer they filled out on some form a single time way back when they first registered.

    10. ratnerstar says:

      “Secret questions” are the worst security device known to man. They manage to be simultaneously insecure (e.g. What’s your mother’s maiden name?) and also completely useless when you need them (What was your favorite food when you filled this form out six years ago?).

      Someone needs to come up with a real multi-factor authentication standard for use over the web. Get on it, google!

    11. KJones says:

      This past year, yahoo was cutting off accounts and then “offered” to “fix it” for a $30 fee. It wasn’t just my account, it was many long-term account holders (most over three years of use). This wasn’t about problems with an account, it was legalized blackmail, holding people’s email hostage.

      Yahoo’s email might be alright for throwaway accounts, but never for anything critical. Download everything *now* before you lose it.

      Paid POP email is always the way to go, even away from home.

    12. nutrigm says:

      hmm.. this got me curious. Is it safe to be logged in with your account for over a day? What I mean by this is that if let’s say I don’t click on ‘logout’, Yahoo will still keep me logged even if it means for days. Is this safe?

    13. joeblevins says:

      Took me almost a month to get back my Yahoo account I had since the late 90′s. Just had to keep looking for email addresses on the site. I dont’ use Yahoo much since they don’t handle spam very well. But I have had it so long, didn’t want to lose it.

    14. backbroken says:

      Simple solution. If your Yahoo email gets hacked, ask yourself why you aren’t already using Gmail anyway, then go sign up.

      Ok, ok. So you are concerned about privacy and don’t like Gmail because they ‘save your emails forever.’ Well here’s a clue for you…if you use Yahoo mail, there isn’t an email that you’ve ever sent or received that Yahoo can’t get to either.

      Besides, if you are doing anything shady that you don’t want traced back to you, I suggest using a disposable email account anyway.

    15. newtonite says:

      Just changed my 1990′s Yahoo password to a tougher one. Wish there was some way to download some of my emails without signing up for premium.

      I saw a security key that I could change, not a secret question. I don’t know what it is, and therefore cannot change or view it.

      Thanks for the warning about what can go wrong….

    16. Erica H. says:

      My account wasn’t hacked, but I found myself similarly held hostage when I called in and was unable to tell them my DOB. It did lead to some hilarity, though. They continued to ask what my birthday was and I continued to insist that I did know exactly what my DOB was. I offered to provide them any other means of verifying my identity, but they held fast. Finally the customer service person said “well, try guessing”

      me: “what?! I have no idea what you have listed as my birthday. how about January 1st 1900?”

      yahoo: “no”
      me (totally sarcastic): “January 2nd 1900″
      yahoo: “no”
      me (almost laughing): “uh, January 3rd 1900″
      yahoo: “no, uhm, are you going to keep.. asking every date..”
      me: “YES”

      Anyway, I filed a complaint with the BBB because they refused to budge and admitted they didn’t have any backup plan if a birthday had been submitted incorrectly. They still failed to come up with a solution, despite me being a paying customer of theirs at the time.

      Here’s the funniest part – I did eventually figure out what they had listed as my birthday. When they rolled out Yahoo 360 they auto plugged in your age on your page. Mine showed me a year older than I am. They had my birthday off by a year, but the correct date. That made the “guess” assertion by the customer service person a little more understandable. Incidentally my Yahoo account was a converted Geocities account. I have no idea if the birthday glitch was a typo when I created the account or something that happened later.

    17. attackgypsy says:

      Use Gmail. Yahoo sucks anyways.

    18. James says:

      Yeah sure, you’re “friend”. Come on Ben, man up and admit it was you! Just kidding.

      But seriously. What attackgypsy said. Use Gmail. Yahoo blows.

    19. Juliekins says:

      I work in the IT security office at a major midwestern university. (Don’t stalk me.) I had to help a faculty member where I work who went through this exact same scenario–Yahoo account hacked, used to scam people out of money, etc etc. I forwarded her the aforementioned thread from CastleCops. I had her start out by calling 866-562-7219 opt2, opt2. She e-mailed me back and told me that number worked and she had regained control of her account. She said it was quick and easy and the person she talked to was very helpful, FWIW.

    20. dalejo says:

      For the idiots suggestings gmail – what makes you think it is any easier? Google requires the same information, the only thing that might save you with gmail is if the person who got your account doesn’t log in for a week and you are able to send a reset.

    21. Jeff asks: "WTF could you possibly have been thinking? says:

      I only use a yahoo email for signing up at websites that require you to register with an email address in order to view the content.

    22. Trae says:

      @mstanisl: The point is to e-mail them with your old password AFTER the account has been hacked — if your account has been hacked, the hacker has likely CHANGED the password, which is why you can’t just go in and do that yourself.

      This means the password you are exposing only verifies you know it, and doesn’t give anyone snooping on the e-mail access to anything else.

    23. backbroken says:

      @dalejo: I’m not saying that regaining control of your Gmail account would be easier. I’m simply saying that if you are a Yahoo user and your account gets hacked, think of it as an opportunity to upgrade your email service to Gmail.

    24. dalejo says:

      @backbroken – it’s just an opinion that gmail is any sort of upgrade. I have accounts on both but they are purely secondary that I wouldn’t trust any real info on. Gmail’s interface drives me nuts, it’s awful and while I like tags, no folders is a deal breaker.

      I do wonder now if I can get back my old yahoo account that was hacked 4 years ago. With no DOB (I did something random), they wouldn’t listen to me even though I provided lots of detail about the account. I still can’t figure out why someone hacks a random account when they don’t use the email, the dude only hijacked my IM and my ISP email still gets the yahoo groups email.

    25. Amiga_500 says:

      @ Dalejo – Don’t you think calling everyone an “idiot” who recommends Gmail a bit much??? At least when I’ve had problems with Gmail and/or their other services, I can actually get someone to call me back.

      My yahoo password was changed 6 times within 2 days. I kept resetting it to different passwords by using the “secret question” reset option. I sent 3 tickets requesting help. Not a single one was answered. Then they had the nerve 2 months later to send me a survey on how their customer service was!?! I really unloaded on them.

      No wonder Gmail is kicking Yahoo!’s a$$.

    26. levenhopper says:

      @KJones: I love gmail because of the POP3. And anyways, all three of my previous ISPs have given the family at least 5 free email accounts, that have always had POP3 access with them.

      @Trae: Yahoo support staff never have access to see your password (both the current one, and your previous ones). So sending them your password wouldn’t prove anything to them.

    27. dalejo says:

      @amiga_500 – no, not in this case. This post was about getting your yahoo account back and people are saying things like “yahoo sucks, use gmail” – that’s thread crapping. It’s not adding anything. Can you get back a lost password with gmail any easier? no.

    28. backbroken says:

      @dalejo: If there was a post about trying to figure out how to afford the cost of gasoline for your 6 mpg Suburban, wouldn’t it be appropriate to point out that you might want to look at more appropriate vehicle?

      How many Best Buy threads don’t include 20 comments telling everyone to ‘give newegg.com a shot instead.’

      I’m not saying I can get your password back. But if the user isn’t happy for whatever reason with the Yahoo email account, I can feel confident recommending gmail as a superior alternative.

      1. Better search
      2. POP
      3. Integration with Google apps

      There’s 3 positives to switching right off the top of my head.

    29. backbroken says:

      I guess recommending a better service than the one featured in the article is thread crapping, but calling other posters ‘idiots’ is not.

    30. dalejo says:

      @backbroken – snarky comments deserve that kind of response. This is just like all the PC related threads that have people saying use linux or a mac or something open source. Most people don’t even bother to try and put some context on it.

      And I don’t agree with your points on the other types of threads – those comments don’t belong either especially with the tone they are usually given in.

      Check out attackgypsy’s comment – that’s the pretty typical stuff.

      As for your points of google’s points – Google search has not been more relevant than others for several years now, maybe gmail vs yahoo mail is. POP – can do it for free with yahoo as there are programs to do this. Google apps? You’ve got to be kidding me! I’ll keep my data on my system with Office or OpenOffice thank you very much. Show me a program that can top Excel – there is nothing out there as powerful.

    31. dalejo says:

      And I’m done responding because now we’re doing the same stuff I hate in these threads. We’re way off topic of getting your yahoo account back.

    32. ARPRINCE says:

      @abercrombie121: Mine too! Was working one day and not the next day. My secret answer to the question was changed too since it always comes back as wrong. I told them it was hacked but they said there’s nothing that they can do. *sigh*

    33. crypticgeek says:

      Ben, I can’t believe you posted this. So now harassing (by repeatedly sending customer service emails about your hacked account) and lying (by claiming you’re a paying customer) are good tactics to get your problem fixed? Tisk tisk.

      Yahoo! mail is a free service (for most people). To expect them to reset your account after it’s been hacked is stupid. How are they supposed to verify you are REALLY the real account holder when all they have is your name, DOB, and a secret answer and you can’t answer it correctly? It’s YOUR fault for not having the correct answers, not theirs.

      Please don’t harass CS because you can’t reset your account. Get a new email address and move on.

    34. zeitguess says:

      This happened to me earlier this year. I’d had an old Geocities account that was converted to Yahoo and have used the same address for a decade or more. I use my Yahoo address for anything I purchase online and have a personal mail at Gmail. Right at tax time, when I needed to access my online purchase receipts for the IRS, someone managed to get into my account and changed the password. Since my original signup info as a decade old, I couldn’t remember exactly what it was so it took me a week of going back and forth with the security people to get access while I had to make excuses to the IRS. They eventually sent me ‘prove you are who you say you are’ documents that I had to fill out and fax back in with my driver’s license, blood sample and a note from my mother. It was a pain in the @ss but at least I got this account back.

    35. coren says:

      I lost access to my account a couple years ago. It took 6 months, repeated calls to customer service, repeated unhelpful emails, faxing expired IDs (don’t even ask) and an assortment of other things to get it back. But I have it again, and for the life of me, can’t figure out what the hell they wanted it for/used it for.