Many of my Yahoo using email acquaintances have gotten hacked in the past few months. By "hacked" I mean that Yahoo email service is sending bogus emails to their contacts. The email appears to be from the right person and the text may even contain their name. The message will be something bland, but there will always be a hyperlink.
I routinely ignore emails like that and never click on the link. However, in spite of my precautions, yesterday afternoon one of my Yahoo email accounts sent out emails to a bunch of my contacts with a bland message and a hyperlink. As soon as I discovered it I sent a real email to all of them telling them not to click on that link.
This morning another of my Yahoo email accounts experienced the same thing at 6:45 AM. The account page showed that someone logged in with "Yahoo! Partner's Application" at that time from Israel.
I changed the passwords and deleted the contact lists for both accounts to deprive them of spammunition. Then I ran two anti-virus programs on my computer, AVG and Avast. Both programs reported that my computer was clean. Then I ran the Sophos virus removal tool and Malwarebytes Anti-malware tool. Both reported a clean computer.
So what was the problem? I still don't know, but I strongly suspect it was Yahoo and not my computer or something I did. That suspicion is shared by others. See Yahoo's Email Hacking Problem Starts To Hurt As Major Telecom Provider Ditches The Service:
A British telecom company says it will no longer make Yahoo Mail the default email service for its 6 million customers due to concerns their accounts are vulnerable to getting hacked.
“We will be switching customers’ email over to BT Mail, which will include the features and functions they expect from a modern email service,” said Nick Wong, online director for British Telecom’s consumer division, according to The Telegraph.
The shift of BT's 6 million customers to another email service represents just a small fraction of Yahoo's overall email customer base of about 280 million people worldwide. But the loss of clients could be a troubling sign for a company that relies heavily on maintaining its email users to generate advertising revenue. Yahoo is now the third-largest email provider after Google’s Gmail and Microsoft’s Outlook.com.
That Yahoo hasn't yet solved the problem suggests it must be a big one.
One of my correspondents asked if it might be NSA. Hmm. Maybe that explains the clean anti-virus reports. Those off-the-shelf anti-virus programs don't know how to detect sophisticated state sponsored viruses. But even if they did, the companies, at least the American ones, might be prohibited from alerting their users.
Update: Molly in a comment pins the problem on "Yahoo Partner Applications." See How to thwart those annoying Yahoo email hackers for a step-by-step on how to get rid of it. Thanks Molly!
Are you kidding me? This happened to me today. The source of the problem seems to be Yahoo! Partner's Application. You should see that as the source of your compromised login.
You can disable Yahoo! Partner's Application ability to login by going to Account Info/Manage Apps and Website Connections.
If you remove Yahoo! Partner's Application it will prevent you from being able to access through methods like the Yahoo Android App, but it should also prevent you from getting hacked this way.
I stopped using the yahoo android app because the damn thing was annoying.
Posted by: Molly | June 19, 2013 at 08:29 PM
Molly.
The hacker of my two accounts came through that Yahoo Partner's Application. But I didn't realize it could be disabled.
It's disabled now!
Thanks!!!
Posted by: Geo | June 20, 2013 at 05:05 AM
This web site is really a walk-through for all of the info you wanted about this and didn’t know who to ask. Glimpse here, and you’ll definitely discover it.
Posted by: freddie | June 28, 2013 at 02:35 AM