Until September of 2011, I was a relatively happy customer of Yahoo Mail. I paid $20 a year for their “premium” service, not knowing that part of their “premium” benefits included giving out my contacts’ information to spammers.
On September 16 last year, I opened my Yahoo email to find a bunch of weird bounce messages from people in my contacts list – it looked like spam had been sent through my email address. Panicky, I started by doing a complete scan of the computer which came up clean. I then started looking at the emails – one of which was sent to my other Yahoo account so I could inspect the actual mail. It did appear to have actually been sent from my account, and not a “spoof” account.
In a real panic at this point, I quickly changed my Yahoo password, then tried to email Yahoo to tell them about the problem. I received this canned response:
“Some users have reported that their contacts received spam that originated from their Yahoo! Mail account.
If you’ve experienced this issue, we strongly believe your account has been compromised and was used by an unauthorized third party to send spam or fraudulent emails to your contact list.
The best way to assure that this does not happen in the future is to change your password. By changing your password, you minimize the resulting risk for your Yahoo! account. For help selecting a strong password, please review the tips posted in the password section of the Yahoo! Security Center.”
I replied that I had already changed my password (I do so every 3 months anyway), but that no one had accessed my account, there was no way that anyone could have gotten my password, and that I believed they had some sort of security breach. I received no reply for a week. I sent another request for further information, and again received no reply.
During this time I received emails from a few friends who had exactly the SAME THING happen to them with Yahoo. Talking about it on Facebook and different online forums garnered even more responses from people who had the same issue! At this point I am certain I was not hacked, but that Yahoo has a massive security issue that they are simply ignoring or covering up.
Finally two weeks later on September 27, I received this reply:
“We are very sorry for the significant delay in responding to your message. We are currently receiving an unusually large number of emails and have mobilized additional resources to get them answered. We are committed to providing you with the quickest and most accurate answers to your questions.”
During this time I switched everything over to Gmail, copied my contacts, then completely deleted my contacts list from Yahoo, and canceled my Premium service.
On October 1, another batch of spam was sent to my contacts – this is AFTER I had changed my password and deleted all my contacts from my Yahoo account. I again changed my password and also backed up my saved emails to a different computer, then deleted every stinkin’ thing from my online Yahoo account.
On October 4 I received another copy of the same “We are very sorry for the significant delay in responding to your message.” I have replied to each one of these and have never actually received any kind of response whatsoever, other than these canned messages.
Just last week, another batch of spam was sent to my contacts list from my Yahoo account. The same one that has had multiple password changes and absolutely NO WAY of anyone but Yahoo accessing the account.
So, after reporting this last batch of spam, I’ll bet you can guess what their response was? “We are very sorry for the significant delay in responding to your message. We are currently receiving an unusually large number of emails…”
I wish there was some way to make the general public aware of this problem, and to force Yahoo to own up to it, figure out the cause, and FIX it. If anyone has a good idea on how to make that happen, I’m open for suggestions! And if you’ve had the same thing occur to your Yahoo account, please say so in the Comments!





