Old (but crucial) news and Merry Christmas

By | December 19, 2016
This content is 8 years old. Please, read this page keeping its age in mind. Thank you.

This’ll be the last email from me before Christmas day so I want to say I hope you and yours have a very Merry Christmas.

I had thought about seeing if there was something suitably festive I could write about today – perhaps  Google’s advent calendar or the American aerospace controllers who also track Santa’s sleigh.

And feel free to have a look at those for a bit of festive fun.

But there’s something else I felt I really ought to talk about – and you might have seen it in the news.

It’s news about Yahoo having lost (well, not lost exactly – it was stolen) some data. And by “some” I mean “huge massive great piles”. Details of 1 billion email accounts, in fact. But there are a few things to clear up – and if you have a Yahoo email address this could be really important for you.

Even if you don’t have a Yahoo email address, I’d read it, especially the “crucial bit” – in case your email provider ever gets similarly hacked.

So the first thing to say is if you heard about Yahoo losing 500 million email details recently, this isn’t the same case – it’s a separate incident.

Secondly, to be fair to Yahoo, they weren’t storing email addresses and passwords unencrypted. The email addresses were “hashed” – but in a type of encryption that can be broken nowadays (I don’t know whether it could be broken at the time of the theft – it could be the bad guys stole the data, then kept it quiet, waiting until they could crack it).

And it’s not just happened – it happened back in August 2013. So in a sense it’s old news. But it’s only just come to light. From the sound of it, Yahoo didn’t spot it (it’s very hard to spot someone’s copied your data) – the police (or some law enforcement agency in America) did.

What’s been stolen is email addresses and a way to bypass the passwords that go with them – which means someone could log in and then get at or even change your password, then read your emails and send (spam) emails that look like they’re from you. Of course, if they’ve changed your password, you won’t be able to get in – not unless you have a way to reset your password set up.

Yahoo have already fixed it so that the trick for getting in without the password doesn’t work any more. But if the hackers have already got in, they may have got your password.

Yahoo have said they’re going to contact everyone who is affected to let them know.

So what do you need to do?
Well, if you have a Yahoo email address, you should log in and see if you have an email from Yahoo saying you’re one of the people affected.

If so, you need to change your password so the hackers can’t get in again. In fact you might want to change your password whether or not you’ve had an email from Yahoo, just to make sure.

But here’s the crucial bit:
If you get an email saying you’re affected and giving you a link to click to reset your password, don’t click it.
You see, I bet there are scammers sending out fake emails to every Yahoo email address they can think of right now, saying “Your account has been compromised, click here and reset your password” or similar.

Don’t do it!

Instead, change your password in the normal way you would: log in to Yahoo as normal, then click (or tap) on the cogwheel near the top right. Then from the menu that appears, choose “Account info”, click on “Account Security” (it might ask you to put your password in to check it’s you).Then click on Change Password and put your new password in twice.

One more thing: while I was doing this it asked me to confirm my phone number – I have a mobile phone set up so if I do get locked out of my account they can text me a code to let me in again. But their code to confirm the phone number wasn’t working. I suspect this may be due to thousands and thousands of people using it at the moment – but for whatever reason, it’s pretty embarrassing for them just after these problems… and given that they pop up a message suggesting you confirm your phone number in this way, only for it to not work. So don’t worry if it doesn’t work for you – it’s not you doing something wrong!

One more thing: if you find your password doesn’t work when you go to log in, it might be that hackers have already changed it. There should be a link “I’ve forgotten my password” – click that and it’ll take you through some things you can do to get back in.

Right, that’s all for now. Sorry it wasn’t more Christmas-y but this seemed too important to wait until later. You can always have a look at the advent calendar or Santa tracker for something cheerier.

Have a very Merry Christmas

5 thoughts on “Old (but crucial) news and Merry Christmas

  1. S. Patel

    Excellent tips as usua! You are blessed to be a blessing. Thank you and Merry Christmas to you too.

  2. Eryl Bassett

    Thanks very much for the unChristmassy but most valuable advice.

    I followed this, and all seemed well until the final step. Yahoo (at least I hope it was Yahoo) confirmed my change of password, but then sent me to a page (apparently owned by google)which claimed there was a privacy error. Since I don’t use yahoo for anything sensitive I guess it’s ok just to ignore this until I get more info.

    Meanwhile, thanks for all the advice over the year, and I hope you have a restful Christmas.

    1. Tim Post author

      that’s another embarrassment for Yahoo! I’d check it’s worked by logging in to Yahoo and checking that the new password lets you in. If it doesn’t ask you for a password, you can click near the top right and select “log out” or “sign out” and then try again and that’ll make it ask you for the password.
      If the new one doesn’t work, use the old one and it’d be worth trying to change it again.

  3. Audrey needham

    Can you help I seem to have my whatsapp contacts mixed up with my all contacts

    1. Tim Post author

      Is this on a phone? It depends on the exact phone you have but usually there’s an option (often at the top right) where you can choose between “all contacts”, “Contacts on phone” and various other settings – it’d be worth trying the different options there to see if you get what you’re after.


Leave a Reply

The name you enter will be displayed. We collect your email address but do not display it. Full privacy policy here. Required fields are marked *

The reCAPTCHA verification period has expired. Please reload the page.