# "We believe your Yahoo! account has been compromised."



## sharky (Jul 9, 2001)

I recived this message when i went to enter my email account.
I closed down the browser. Opened another browser and changed my password on my own.

Comments?


-------------------------------------
Change your Yahoo! Password
Enter your current password and then choose your new password. Click Save when you're done.

We believe your Yahoo! account has been compromised.


A simple password change will help protect your account. Learn More

To change your password:

Please enter your Current Password below.
Choose and confirm your new password and click "Save".
Please write your password down - many people forget new passwords when they change them. Keep your password in a safe place for your reference.

Enter your Current Password: 
Choose a New Password: 
Confirm your New Password: 

Tips For a Strong Password:

Don't use the same password for multiple sites.
Avoid using a complete word or a name.
Use at least 7 characters. The more the better.
Combine capital and lowercase letters, numbers, and symbols (! @ # $ % ^ &, etc.).
Don't use personal information that someone could easily figure out.
Don't use your Yahoo! ID in any form (reversed, capitalized, doubled, etc.)

Attention: If you choose not to change your password at this time, please note that you're leaving your account and information at risk and that some Yahoo! services, like Yahoo! Messenger, may not work. Continue on to Yahoo!

Copyright © 2011 Yahoo! Inc. All rights reserved. Copyright/IP Policy | Terms of Service | Guide to Online Security

NOTICE: We collect personal information on this site. To learn more about how we use your information, see our Privacy Policy


----------



## Phantom010 (Mar 9, 2009)

I'd say it's a phishing scam. Was that message in your Inbox?

I've used Yahoo! Mail for 10 years and have never received such a warning.


----------



## sharky (Jul 9, 2001)

Phantom010 said:


> I'd say it's a phishing scam. Was that message in your Inbox?
> 
> I've used Yahoo! Mail for 10 years and have never received such a warning.


I clicked on the Yahoo Email enter password page, that page took its place.


----------



## Phantom010 (Mar 9, 2009)

It's quite odd. I've never seen that message. How would they even know it was compromised?


----------



## JSho24 (Jun 14, 2011)

Phantom010 said:


> It's quite odd. I've never seen that message. How would they even know it was compromised?


I know Facebook has a security feature that tracks and alerts you if your account was logged-in at a different location. (Or something along those lines)

Maybe Yahoo! noticed unusual activity from another location(s) and this is their way of telling you to change it. Since it wasn't a message in your inbox, it "seems" legit.


----------



## Phantom010 (Mar 9, 2009)

I've logged into my account from many different computers, in different parts of the world. Never seen that message.


----------



## Gabriel (May 2, 2003)

I got the same message page, changed my password, and can access Yahoo again.


----------



## JSho24 (Jun 14, 2011)

Phantom010 said:


> I've logged into my account from many different computers, in different parts of the world. Never seen that message.


Guess I forgot to mention that it is something you have to manually enable on Facebook, and I assume Yahoo! as well. Most e-mail providers have this feature. So maybe the OP has this on?

Only reason I am suggesting this is because it was a re-direct, and not a message in his inbox. This COULD also point to malware on his/her computer, but this is less likely.


----------



## Phantom010 (Mar 9, 2009)

Not being in the Inbox, it's likely to be a legit message. However:



> I'm always a little suspicious of forms that pop-up out of the blue asking for log-in information. It's better to actually input that stuff into sites that you purposely navigated to yourself.
> 
> If I were you, I would do a password reset through Yahoo! Here's more information:
> 
> ...


http://windsorpeak.com/vbulletin/showthread.php?t=397109



> Account may be compromised
> 
> http://help.yahoo.com/l/us/yahoo/securit…
> 
> ...


http://answers.yahoo.com/question/index?qid=20110709022040AAAb2us


----------



## Phantom010 (Mar 9, 2009)

By the way, I'm still using Yahoo Classic. Can't stand the new version. Perhaps that's why I'm not getting the warning?


----------



## Gabriel (May 2, 2003)

Phantom010 said:


> By the way, I'm still using Yahoo Classic. Can't stand the new version. Perhaps that's why I'm not getting the warning?


I have kept classic also, and got the message.


----------



## Gabriel (May 2, 2003)

I have used the Yahoo site reset link for compromised accounts, and have entered a new password. Also, I am running Spybot and AVG (not at the same time) and will do and compare a HJThis logue with one I did a few weeks ago that was clean, and before the page came up....Just in case it was a bogus page. Is there anything else I should do?


----------



## Kapustin Yar (Dec 12, 2008)

I got a message saying the same thing today. I went on Yahoo Answers and asked if this was legit. *The answer was NO. Yahoo will never ask you for your password THIS IS A SCAM!!!!

Click this link:

http://answers.yahoo.com/question/i...jLJpziHsy6IX;_ylv=3?qid=20110721185141AAHaxoj
*


----------



## Gabriel (May 2, 2003)

Don't they ask for our password when we have to sign back in?


----------



## Kapustin Yar (Dec 12, 2008)

Gabriel said:


> Don't they ask for our password when we have to sign back in?


That isn't asking for your password. That's signing back in. Asking for your password is when someone representing Yahoo comes to you personally says your password has been hacked and you have to create a new one. Then they ask you to enter your old password and type a new password on THEIR email form, not on the Yahoo website.

Think of it this way. First, how would they know if your password was hacked? Second, wouldn't they have advised you of the strength of your password when you signed up and third, all they had to do was to tell you to go back to the Yahoo site and create a new password, not to enter it on their form, where you have no idea where that form came from.

You can believe this message is legit if you want but I don't. I think its a very clever phishing scam. I would advise you go to the yahoo mail website and change your password again. Good Luck:up:

Edit: BTW it looks like you already did so good for you!


----------



## sharky (Jul 9, 2001)

"Also, anytime you input log-in info check out the URL in the website's address. It should start with "https" rather than the normal "http". This indicates that the site is encrypted and secure. Phishing sites will generally not have this and you should NOT input your personal information there. "


When i got the "We believe your Yahoo! account has been compromised." , i copied down the address and 'was' going to post in in this thread but thought that may not be a good thing . 

I dont recall if it began with "https" or "http" but will remember that advice. 
Also, the address was extremely long, it had yahoo.com but alot of other wording that did not seem right.


----------



## jysharp2003 (Jul 22, 2011)

I am getting this too. Bottom of page it does allow me to skip and login to mail but not sure of the whole reason why I have been prompted by Yahoo of possible security issue. A possible reason was mentioned back by a user. I enabled Facebook to interface to Yahoo Mail. Maybe Yahoo is just reacting to this?


----------



## Phantom010 (Mar 9, 2009)

jysharp2003 said:


> I am getting this too. Bottom of page it does allow me to skip and login to mail but not sure of the whole reason why I have been prompted by Yahoo of possible security issue. A possible reason was mentioned back by a user. I enabled Facebook to interface to Yahoo Mail. Maybe Yahoo is just reacting to this?


You've got a point there. Maybe Facebook is to blame for this sudden issue...

I don't use Facebook, so I'm not getting the warning. Are you guys all using Facebook?

I've had trouble with Facebook a while back. I had to disable IE8's Compatibility View for all websites in order to fix the problem, even though I wasn't using Facebook in any way. Facebook is everywhere now, on most webpages.


----------



## Kapustin Yar (Dec 12, 2008)

I used to use Facebook but I got rid of it 6 months ago because of security issues. I canceled it entirely.


----------



## Kapustin Yar (Dec 12, 2008)

The message went away after awhile. But I got the same message again this morning. I use FF 3.6 Here is the link. I deliberately put the % (percent) sign before the https so you people could see the full link on display rather than it showing up only partially as a shortcut:


hxxps://edit.yahoo.com/config/change_pw?.src=ym&.done=http%3a//us.mc1127.mail.yahoo.com/mc/welcome%3f.gx=1%26.tm=1301297462%26.rand=83leiuf2ma7gk&.scrumb=V6btXOE65wd"]%hxxps://edit.yahoo.com/config/change_pw?.src=ym&.done=http%3a//us.mc1127.mail.yahoo.com/mc/welcome%3f.gx=1%26.tm=1301297462%26.rand=83leiuf2ma7gk&.scrumb=V6btXOE65wd


----------



## Kapustin Yar (Dec 12, 2008)

Attached to this reply is a copy of the message I received


----------



## Cookiegal (Aug 27, 2003)

Since we don't know for sure if it is legitimate, I've modified the link so it's not clickable.

Although it may be legitimate, it's always advisable to do your password change the regular way rather than using a form that is presented to you in this fashion as a precaution.


----------



## jysharp2003 (Jul 22, 2011)

Good final words Cookie. Never trust pop ups. I think Yahoo is second thinking this automation they put in place and would have rather had an email that explains the possible action. I would have preferred that then sniffing around the web for what is going on.


----------



## Datababe (Dec 28, 2004)

> I used to use Facebook but I got rid of it 6 months ago because of security issues. I canceled it entirely.


I'd like to know how, and I'm not being snarky either. I've avoided my Facebook account like the plague for months (I only signed up in the first place to check out firsthand where so many of my customers were picking up malware *sigh*). I've heard it's next to impossible to really, truly, scrub all your info off FB and completely shut down an account, but maybe that's finally changed...?

- DB

p.s. count me as another who prefers Yahoo Classic. I'm not looking forward to being finally forced to upgrade. I fear the "new features" I could prolly do without. :-/


----------



## Phantom010 (Mar 9, 2009)

Kapustin Yar said:


> Attached to this reply is a copy of the message I received


Looking at that screenshot, I don't trust it. I would ignore it and change the password following the standard procedure on the *Reset your password* page:

http://help.yahoo.com/l/us/yahoo/edit/id_password/edit-20.html


----------



## Kapustin Yar (Dec 12, 2008)

Datababe said:


> I'd like to know how, and I'm not being snarky either. I've avoided my Facebook account like the plague for months (I only signed up in the first place to check out firsthand where so many of my customers were picking up malware *sigh*). I've heard it's next to impossible to really, truly, scrub all your info off FB and completely shut down an account, but maybe that's finally changed...?
> 
> - DB
> 
> p.s. count me as another who prefers Yahoo Classic. I'm not looking forward to being finally forced to upgrade. I fear the "new features" I could prolly do without. :-/


I just followed the FB cancel link. It took me two weeks to cancel because they said they were going to keep it open just in case I changed my mind. They said if I signed back into facebook any time during those two weeks it would automatically reactivate my acct. I didn't sign in and I just checked again last week and I'm free.

BTW I'm a classic user too.


----------



## Kapustin Yar (Dec 12, 2008)

Phantom010 said:


> Looking at that screenshot, I don't trust it. I would ignore it and change the password following the standard procedure on the *Reset your password* page:
> 
> http://help.yahoo.com/l/us/yahoo/edit/id_password/edit-20.html


Yeah I see what you mean now. What legit link begins with the word "edit" after the https.


----------



## Kapustin Yar (Dec 12, 2008)

I just changed my Yahoo password using the "Normal" way and i still got a message saying my account may have been compromised. I changed it anyway just in case. So I guess the mystery continues.......


----------



## Phantom010 (Mar 9, 2009)

Have you tried deleting your Cookies, Temporary Internet Files and History?


----------



## Kapustin Yar (Dec 12, 2008)

I'm reluctant to delete cookies and history because I depend on cookies for some websites to retrieve info and because i like being able to look up my history on occasion. 

But you're saying I should delete them all entirely?


----------



## Phantom010 (Mar 9, 2009)

That would be the first thing I would try if the warning message was coming back constantly.


----------



## sharky (Jul 9, 2001)

When i click to go to the Yahoo Email page, i get this pop up ]from Opera]


WRONG CERTIFICATE NAME
The Certificate Name Does Not Match the Hostname Accept?
Warning security details

Server name
login.yahoo.net

When i clcik the security buttom on this page , i get a message that says
the Server name does match login.yahoo.net does not match it s certificate name
Somebody may be trying to eavesdrop on you."


----------



## Team3 (Jul 26, 2011)

I sent Kaputsin Yar's link to Yahoo! since it was the same one I had. They sent me to their Account Verification Team's chat window. Here's what they said:
*Yule: *Yes, this was a legitimate prompt. 
*Yule: *There are a couple of different reasons why our system may flag your account as compromised. 
*Yule: *Our system does not allow you to use a password that is the same as or similar to a password that you have used in the past. If our security system believes that your password is insecure, you will be asked to change it.
*Yule: ** Another common cause for this password "trap" is IP activity. If multiple emails are sent from your account with IP addresses that indicate access from multiple geographical locations in a short period of time, then you will be prompted to change your password as well.
*Yule: ** It is also possible that this password prompt is in error, and no intrusion has occurred in your account. If you have been traveling recently and have accessed the account from multiple locations, we will need to be notified. Additionally, if you use software like "Anomymizer Universal" to protect your online identity, we recommend that you disable such software before accessing Yahoo!.


----------



## sharky (Jul 9, 2001)

Thanks team3,everyone else who has posted in to get to the bottom of this issue.


----------



## Buttle (Aug 16, 2011)

You guys are such amateurs. You people who are getting the message: didn't you notice that it "popped up" AFTER you entered your username and password into the sign-in form? YOU JUST SIGNED IN. After you were already logged in, yahoo informed you of some problem with your account. I can't believe I just read (scanned) through 3 pages of discussion about whether or not this is a virus or a fake page. YOU LOGGED IN TO YAHOO.

I have no doubt it is yahoo. What I'm wondering is why they think my account has been compromised. I feel like I'm entitled to some explanation from them, before I change my beloved password of nearly 10 years.


----------



## Cookiegal (Aug 27, 2003)

There is always a chance that accounts and pages have been hacked to display other things. It's not appropriate to be rude or insulting to other members. I suggest you read through the rules and be more careful in the future.


----------

