Yahoo was the first internet email account I ever used, way back in the late 1990’s. I used that account for my personal email until 2 years ago when my contact book was hacked. Everyone in my book received phishing emails supposedly from me.
I only use the account today for various newsletters. Using separate account for personal communication and other stuff like newsletters is a good way to keep your personal email account free of spam.
I thought of this today when I saw that Yahoo mail accounts have been compromised, including usernames and passwords. Yahoo asserted last Friday that the breach was from a “third party” database, but they did not make clear what that means. If this was a site not directly related to Yahoo, why would the hackers apparently only be interested in Yahoo users? Could the hackers have guessed the correct credentials by analyzing data entered for other purposes? After all, many users use the same credentials for many different accounts.
Regardless of how they got the credentials, Yahoo reported that hackers had used them to access email accounts and garner personal information. Yahoo will be resetting the passwords of effected user, so be prepared if you are a yahoo email account holder.
The incident highlights the importance of good credential management. Don’t use the same credentials at multiple sites, use strong passwords and change passwords frequently.
Frankly, that advice is a real nuisance. However, you ignore it at your peril.