YaHoo Usernames & Passwords Leak
(Tip: Everyone should look into their email filters, use a password manager and change their passwords often.)
On February 2, 2021 a very large data breach called the Compilation of Many Breaches or COMB was posted on a popular hacker forum and then duplicated on many other hacker forums.
"Because COMB is a quick, searchable, well-organized database of past major leaks, it naturally contains past leaks. This includes major leaks from popular services such as Netflix, Gmail, Hotmail, Yahoo and more.
Based on our analysis of the breached data, there are approximately 200 million Gmail addresses and 450 million Yahoo email addresses in the COMB data leak." -- Bernard Meyer (CyberNews)
Based on our analysis of the breached data, there are approximately 200 million Gmail addresses and 450 million Yahoo email addresses in the COMB data leak." -- Bernard Meyer (CyberNews)
Most websites that mention these cyber security leaks are recommending people to change their password and use a password manager. That is good advice for someone that doesn't have a compromised account. A compromised email may contain harmful filters that will send information to a hackers account or block email from places like Amazon and/or bank account update warnings. Filters must be removed before changing passwords and putting them in a password manager.
Articles you may want to take a look at:
- COMB: largest breach of all time leaked online with 3.2 billion records
- Check this list: 3.2 billion leaked usernames and passwords
- COMB: The Big Password Leak
Before you go into panic mode, check to see if your email was posted to the dark web or other online hacker forums. Below are eight websites that you can use to check if your email was posted on the dark web.
How to Check Your YaHoo Email Filters
The All-new Mail – the new version
Log into your Yahoo email and click on Settings in the upper right corner. Then click on the ... More Settings links near the bottom.
Log into your Yahoo email and click on Settings in the upper right corner. Then click on the ... More Settings links near the bottom.
Next, click on the Filters on the vertical tab list and then look to the right to see if someone has added a filter to your email. Look under the Your filters section. By default, you should see 0 of 500 used. If your email was compromised then you might have a filter added to your email. Someone could create a rule to that will send emails from a certain address to an alternate address without your knowledge. They may create a rule that will send emails from your online bank or places you purchase things online, like Amazon, Walmart, Best Buy, and more, to your Archive, Spam, or Trash folders. If you notice a filter you can click on it and click the trash icon to remove it.
Next, click the Security and privacy on the vertical tab list to look and see if someone added any blocked addresses or blocked websites in your email. This is usually where someone adds addresses from places like Amazon and your online banking to prevent you from getting email updates from them. Select and delete any blocked addresses or blocked domains that you didn't add.
The Yahoo! Mail Classic version
Log into your Yahoo email and look in the upper right corner. Click the drop-down arrow next to Account Info and select Settings.
Log into your Yahoo email and look in the upper right corner. Click the drop-down arrow next to Account Info and select Settings.
Next, click the Filters option on the left and then look for any added filters to your email. If you find a filter that you didn't create then select it and remove it.
Next, click on the Blocked Addresses option and then remove any blocked addresses that you didn't add.
Change your Password and Use a Password Manager
Now change your YaHoo password and don't let your browser save the password. Modern browsers makes it easy to sync your passwords, settings, bookmarks, and more; however, this helps a hacker sync the data stored in your browser to his/her browser. I recommend using a password length of 16 characters and include symbols, numbers, lowercase and uppercase characters, and exclude using similar characters. Never, reuse passwords and change your password often. I also highly recommend that you use a password manager like Bitwarden.
Now change your YaHoo password and don't let your browser save the password. Modern browsers makes it easy to sync your passwords, settings, bookmarks, and more; however, this helps a hacker sync the data stored in your browser to his/her browser. I recommend using a password length of 16 characters and include symbols, numbers, lowercase and uppercase characters, and exclude using similar characters. Never, reuse passwords and change your password often. I also highly recommend that you use a password manager like Bitwarden.
I hope your YaHoo account wasn't compromised, but if it was, I hope you were able to regain control of it and secure it.
Please share this with others to make sure their YaHoo account is secure.