Yahoo hack: What do you do if your account was hacked?

Yahoo announced Thursday that at least half a billion people had their email accounts hacked in late 2014. In a press release, Yahoo said a “state-sponsored actor” was responsible for the theft – meaning, likely, Russia or China.

If you’re looking for some good news in this situation, here it is: the hackers did not get into everyone’s account. Thankfully, Yahoo protects accounts with “hashing,” a type of cryptography that is used to protect passwords, so there is a chance the hackers missed you.

Related: Yahoo confirms hack of 500 million users

However, those of us who use common passwords – looking at you “12345” – are less likely to have escaped unscathed.

Not only are Yahoo email accounts at risk, but Yahoo also owns Flickr and some of those accounts could have been hacked. Yahoo owns Tumblr, too, but they say no Tumbler accounts were affected.

>> Got a question about the news? See our explainers here  

So, whether you know if you’ve been hacked or not, here’s what you need to know and need to do if you have a Yahoo account.

1. Change your password – It seems like a closing-the-barn-door-after-the-horse-is-out moment, but not really. Change your account password in case you were not hacked and to stop anyone who has your password from getting back in. Do that now.

2. While we are on that subject, do not use the same password for other accounts. Using “password1” for everything is like opening gifts on Christmas to a hacker.  

    How do you come up with a secure password? Check this method. It’s a bit of work, but it will be worth it. Yahoo also suggests you enable two-factor authentication (2FA) – a two-step verification process that requires a password and username plus some other bit of information to get into an account.

    Check here for a list of websites that support 2FA.

    3.  If you have been hacked, Yahoo will notify you and will invalidate unencrypted security questions and answers. So those questions about the color of your first car, or your mother’s maiden name won’t work soon. By the way, you should make up not-so-common answers for those questions, too.

    From Yahoo, here are the signs of a hacked account and what to do.

    Signs your account has been hacked

    • Your account information has changed without your knowledge. 
    • There are logins from locations you don't recognize on your recent activity page.
    • You aren't receiving expected emails.
    • Your Yahoo Mail account is sending spam.

    What to do now

    Stop your account from sending spam

    Receiving spam is one thing. Getting reports of spam coming from your account is another. If your account's been hacked to send spam, you can fix it! The fastest way to stop your account from sending spam is to secure your account by creating a new, strong password or enabling Account Key. 

    Report a forged (spoofed) email

    Forged messages are emails that appear to be sent from your email address, but they're actually sent from an entirely different email account. If your Yahoo Mail is secure, but people are still getting spam that looks like it comes from your address, it's probably a forged, or "spoofed," email.

    • View the full header of the email in question.
    • From the last Received line of the full header, take note of the originating IP address.
      - This corresponds with the sender's Internet Service Provider (ISP).
    • Conduct an IP lookup through a site like to determine which ISP provides the sender with Internet access.
    • Contact the sender's ISP to request that appropriate action be taken.

    Email providers can't prevent such forgery, but if fraud is identified, action can be taken.

    Review your Yahoo Mail settings

    • Delete email contacts that you don't recognize.
    • Delete linked Mail accounts that you don't recognize or control.
    • Change your password on any linked accounts that you control.
    • Make sure your vacation response is turned off. 
    • See if someone else has been accessing your account.

    Other commonly changed Yahoo Mail account settings:

    • Signature
    • Sending name
    • "Reply-to" address
    • Mail Forwarding
    • Filters
    • Banned Addresses

    Restore missing email, IMs, and Contacts

    If you're missing emails, IMs, or Contacts, it's possible that you can restore your lost or deleted email and IMs. You may also be able to recover lost contacts.

    Check your computer for malware

    Malware can corrupt your system and capture sensitive information, like passwords and bank account numbers. There are several anti-malware programs you can find online that detect and remove malware on Macs and PCs. 

Reader Comments

Next Up in News

Trump's immigration stance could reverse trends, spur Latinos to vote
The USA TODAY Network is spending time in eight counties in eight states, exploring the key electoral themes that could decide this fall’s...
7 things to know now: First debate is tonight; Arnold Palmer dies; LSU fires Les Miles
7 things to know now: First debate is tonight; Arnold Palmer dies; LSU fires Les Miles
Here's a roundup of news trending across the nation and world today. What to know now: 1. Debate night: The first presidential debate is set for...
Video shows deputies stunning man with hands behind his back
Video shows deputies stunning man with hands behind his back
WSB-TV has obtained exclusive showing a Georgia man standing up against a wall in the Richmond County Jail with his hands behind his back, and...
Could 'Trump TV' make it on the air?
Could 'Trump TV' make it on the air?
After presidential candidates fall short in the their bids for the White House, they typically write books, make speeches and wait for the wounds of...
‘In-betweeners’ are part of a rich recruiting pool for Jihadis
‘In-betweeners’ are part of a rich recruiting pool for Jihadis
WASHINGTON — They were young men caught between cultures, sons of immigrant families, feeling lost or rejected — and angry about...
More Stories

You have reached your limit of free articles this month.

Enjoy unlimited access to

Starting at just 99¢ for 8 weeks.


  • ePAPER

You have read of free premium articles.

Get unlimited access to all of our breaking news, in-depth coverage and bonus content- exclusively for subscribers. Starting at just 99¢ for 8 weeks.


Welcome to

This subscriber-only site gives you exclusive access to breaking news, in-depth coverage, exclusive interactives and bonus content.

You can read free articles of your choice a month that are only available on