On August 30, my YAHOO address book was accessed and all addresses received a promotional email from a Chinese site. The emails were the usual, a personal note from "me" urging the recipient to go to this wonderful site and buy everything cheap.
My YAHOO address book has been sitting in the account for years, and many of the addresses are no longer valid. That made the event a little less embarrassing. I emailed everyone suggesting that they delete the "better shopping better life" email as I did not really send it.
Now, just a few weeks after reporting the incident to YAHOO security, they have sent a return email. That's what I love about email, it only takes three weeks to contact somebody. YAHOO will only consider assisting me if, among other information, I provide them with my secret security question. The account is more than a dozen years old. In the last decade, like most folks, I have provided many security questions and answers to many accounts. This is part of their response and the information they required before providing any assistance:
Please know that we do have access to original account information and
that we will be unable to provide login or other assistance without
completely verifying your account.
* Yahoo! ID (If you cannot supply this ID, please give your alternate
email address given during your original registration)
* Your name
* Date of birth (mm-dd-yyyy)
* Your alternate email address
* Secret Question and Answer
* Your city and state
* ZIP Code or Postal code you entered during registration
* Your country
Apparently YAHOO security will not help me unless I know the particular question that was established for this account years ago. My question to them is why not ask me the question and I'll supply the answer. That would make too much sense.
What help did I request that requires me to establish that I'm not a criminal trying to compromise their security? I told them I had changed my password and asked if there were any other steps that I could take to avoid further problems. Really sensitive information, right?
Comments(9)