Three of my friends had their Facebook account hacked in a span of a month. How? Their Yahoo! Mail was hacked. They all associated their Facebook accounts with their yahoo mail. My girlfriend is one of them. I’ve told her many times to avoid using yahoo for anything that she values – e.g. social networking, credit transactions, etc. Now I don’t have to say “told you so…” for her to learn from that mistake.
I’ve known for a long time that Yahoo is easily hackable. Heck I can’t even believe that it is TOO EASY! If you have a hacked yahoo account and wanted to purge it of anything – you’d be out of luck. I tried recovering my girlfriend’s yahoo account thru the same process a hacker can get hold of it. Go to a Yahoo portal, click ‘Forgot Password’ or ‘Can’t access my account’ and you’re good to go. That’s how easy it is. You can just change the password with the steps provided in Yahoo!
Obviously it isn’t good enough to just recover the account and change its password. I tried deleting her account thru Yahoo’s Delete steps shown here. So I thought she’s in the clear from the hacker recovering access to her Yahoo account. Guess what?! After you delete your account Yahoo! shows you this page.
I tried logging in with my girlfriend’s account with the wrong password. And guess again! It doesn’t even make sure that I typed in the password it just asks me to verify if I want to re-active it and voila! I can open it again. I still have 90-days to RE-ACTIVATE it as what Yahoo! says anyway. A hacker can practically take over as long as he/she wants if needed…but for the real owner, you’d have no choice but to just wish hard the hacker won’t do more damage than what they already know – limited or not!
So for anyone using Yahoo! keep it for fancy un-important stuff. Make sure you don’t keep confidential information in it. I have a Yahoo! account but only for messenger – but I barely use it for important stuff anyway. You’ve been warned!
P.S. Gmail is rock-solid in recovering passwords and even deleting accounts when the user decides to. I just created a user in gmail to test it out. The password recovery facility is so tight you can only recover it through a secondary email. Deleting a google account will delete it instantly. I can’t recover it in any way.