Click here to preview the new Fast Company

Want to try out the new

If you’d like to return to the previous design, click the yellow button on the lower left corner.

Why Can't The Persistent Hacking Of Yahoo Mail Be Stopped?

A pesky security hole is proving practically impossible to fix.

Users of Yahoo Mail are suffering from persistent hacking attempts, says The Next Web. The Internet firm, the third largest provider of email, behind Microsoft and Google, has plugged two security holes already, but has not managed to fix the problem.

While some holders of compromised accounts say that they clicked on an infected link—a fake MSNBC page, apparently—many claim that the first they knew of being hacked was when people in their contacts lists said they had received dodgy emails from them. One user, whose organization appears to have used Yahoo Mail, said that the hack—so evidently a scam—left the account in question unable to send emails or even change the password. For $100, they later discovered, the scammers would return their account to normal.

Marissa Mayer, who has been, um, much discussed since her decision to axe working from home (which is now seen as a necessary step to improve the company), announced an eventual Yahoo Mail revamping in January, during the firm's Q4 earnings call.

But a statement from the firm regarding the security breach did not say anything new. They had fixed the flaws that had been previously reported, and continued to "aggressively investigate reports of any email accounts exhibiting anomalous behavior," before reiterating that users should choose unique, alphanumeric passwords which they change regularly.

Add New Comment


  • Graywolf

    My account was hacked today.  As usual Yahoo will not do anything about it since it is a "free" service. Maybe if we all sent emails to the people who pay to advertise an Yahoo and tell them that everyone is leaving Yahoo to go to Google maybe they will finally do something about it!
    BTW this is the 4th time mine has been hacked.  The first time I had actually paid for my yahoo acct they closed it and yahoo refunded my money.  Of course I got a technical support person with a God complex and could not get it back.  The last 3 were just hacked and an email sent to all my contacts.
    I think I will switch to Google.

  • John

    I got hit this morning. Woke up at 6.30 to find email filled with reports of mails undelivered. Recognised many of the names. Logged in, changed details OK. Outlook on desktop showed nothing in Sent File, same in Web mail, but then went back to phone and found hundreds of emails in the sent folder. Though then it must have been a hack on the phone, but... looking in my webmail again, found a dozen unsent spam emails in drafts folder.

  • Jimw4776

    Over at the Nex Web site, has to be over 300 comments now of accounts being hacked. You know a well for every 1 posted review here are hundreds if not more thT have not posted. Th short of it is as of March 30th, 2013 this is STILL an ongoing issue. Many are now posting that h did not even click on the link that was sent to them.

  • Tejal Shania Kala

    I am with yahoo and hope it gets fixed cause I changed my password now it don't work on my ipad it says server unavaillable

  • Palmerboxing

    I really think its time to say " Good night " to yahoo, problems all the time, its just crazy , try to get organized and new codes is like mixing wine with mud, its all too much, sad really , but what is yahoo doing aout it, I think its time to say goodnight to yahoo , & leave them all alone !

  • Palmerboxing

    hOW Can I fix my email on yahoo,it gos stupid every day..hackers & everyone I think.

  • dick

    Im so glad I changed to another email provider years ago. All I see is people with yahoo mail account getting hacked all the time to send spam out to everyone in there address book. Its not just a 1 off thing. Its being happening for years. Its just simply not good enough. Yahoo really have to be proactive about this or they will see people migrating to other email providers like I have.

  • Earth

    My yahoo account was hacked mar 13 2013 from the phillipines..time to switch to gmail and sell yahoo stock

  • kgass

    i began receiving an unusual amount of spam on 3/7/13. on 3/8/13 i was unable to access my account (pw was incorrect)??. i attempted to reset the pw and was asked questions that i never recalled setting up. puzzled, i regretfully attempted to answer them. questioned this incorrect pw as i've had this same account/pw for years. i stopped answering after 2 random questions logged out and then back on.the original pw worked!! 3/10 a message from yahoo saying my account was hacked with the correct pw used from malaysia (twice). then a list of undelivered emails shows up in my in-box. multiple calls/texts from contacts who had received suspicious emails from my account. first time ever this has happened with this longstanding account.
    thankfully i never did give my cell number to yahoo (who has requested it numerous times) adios yahoo. i'm off to the gmail sidel. 

  • Adisqus Winters

    My Yahoo account was hacked this morning (10 March 2013).  The pattern is the same: a set of fake emails (with a link) are sent to anyone to whom I have previously sent an email.  Importantly, the Yahoo account in question is one of my disposable email addresses (i.e. its main use is for registering for online services, etc, and do not want to give my real name).  The only link I have EVER clicked on from the account is a link to eBay and to PayPal (because this is the email address I have recently started to use for eBay).  In other words, if Yahoo claims that the hack is fixed, they are simply lying.

  • Jen

    I just got hacked on friday I was on my phone when they did it and was watching the bounce back notices pop up as they were sending it. Surely there is a way to stop this, since then (2 days) I have had to change my password 3 times, they have changed my security questions as well. When you look at my login history it says I logged in in 'India' when it happened, there has to be some way to red flag that, also can't there be some sort of option to select to say that your account isn't able to send x amount of successive emails in a short period of time? and if it attempts to then they send a text to your phone and you need to verify it. This would slow them down and hopefully you will catch them before it gets worse? The only people that need to do mass mail outs are big companies really and they have other security checks to go through. 

  • Queenofmeanest

    I just received an email from a "LATE" friend of mine.  Her account was just hacked.  Yahoo is not going to do anything about this.

  • Queenofmeanest

    My email account has been hacked several times and I am sick of it.  Contacting the idiots at Yahoo is a joke.  One supposed CSR told me to answer the security question left by the hacker.  How am I supposed to know that?

    Yahoo needs to go the way of 8088s and DOS.

  • JP

    It appears to be an incredibly sophisticated piece of hacking this time round in March 2013.  I had not done anything stupid. My account was hacked into via Mexico whilst I was nowhere near a computer, my contacts were raided, and I even received a very convincing fake e-mail from someone claiming to be one of my old contacts.  This link was at the end of that e-mail : - a very dodgy looking site. PLEASE DO NOT CLICK ON THAT address without high tech protection - it's just given here for information.

  • RoscoepColetrane

    Can anyone recommend how nuclear to go with this? Should I freeze my credit or is this strictly a spam issue. I really don't wan to change all my cards/accounts if I don't have to. I was hacked on March 7.  I really hate yahoo right now. 

  • Ninat

    I am unable to receive email since yesterday. I got a strange email from yahoo requesting my phone number as an additional check in case I forget my password. Sounds funky. I think I will trash it.

  • Macineely

    I use two yahoo mail accounts. One is the public one, that I regularly for posting, signing up, etc. . The second is my private one, where I keep personal things, like emails, notes, etc. 

  • Mtl Boston

    Who cares? I mean YHOO stock is up 40% since the hacking. Nobody cares about security, people care about features