Somebody just gained access to my yahoo mail account earlier and sending spam messages to all peoples in my mail contacts. I’ve never shared account information with anyone before and neither i shared it with friends or family. Only account sharing with several legitimate services such as flickr. But i must admit that i was using the same password while registering for several online services that require an email.
Suddenly, I’ve got so many MAILER-DAEMON (failed delivery) notification on yahoo inbox earlier, whereas no emails was sent from my account today and i don’t remember sending emails in the last 3 days.
When i saw the email body within MAILER-DAEMON messages, i remembered got a similar message from my friend last year while he said he didn’t send any message to me and later on he said that he’s account was compromised.
Anyway, i decided to view for recent login activity information on my account and surprised seeing 2 login information not from my country just few hours earlier. Gladly there are no account information changed, only some contacts missing from my contacts list. I still can login using my old password.
Knowing my account being compromised i decided to change password immediately. But i saw something new on yahoo account setting page - Second sign in verification feature.
This feature use mobile phone as a second login verification when somebody tried to login from different computer. It is similar with Google mail 2nd step verification feature. So i activated that feature immediately before changing password.
Still on account setting page, i saw sign-in seal feature, another security feature from yahoo. If you enable this feature, you’ll see a small image contain words or images you’ve set on account setting sign-in seal on yahoo login page for current computer. This image indicated that you’re on the right official yahoo login page. This could help you avoid yahoo account phishing attempt but only for current computer.