Helping people with computers... one answer at a time.

Security-related information in your email account is used to recover your account. But what if the hacker now has access to all that?

My friend has an iMac running 10.6.8 and lately I (and others) have been getting spam with his name on it that he didn't send. You said in your article to change his password to Yahoo mail, but to also change his security-related information. I have no idea what that is. So what else besides his password should I tell him to change?

In this excerpt from Answercast #6, I look at the information that may be kept by your email provider for recovering your account and explore how to change it all to prevent the hacker from regaining access.

The importance of recovery information

There's an article on this; it's called "Is changing my password enough?" Basically, there are several things you want to be looking at.

The short answer is that you need to change any information that's associated with that account that could be used to perform a password recovery.

What happens is:

  • The hacker comes in
  • Changes your password
  • Gets access to your account
  • You regain access to your account
  • Change your password back, or change it to something else.

So presumably, now, only you have access to your account. But while the hacker was in there, he could have been looking at all of this other information that would be used to perform a password reset. You know, the thing that happens when you say, "Oh, I forgot my password." Different email services use different pieces of information to verify that you are who you say you are.

So when you say, "Hey, I forgot my password," they ask you to supply (maybe) the answer to a couple of secret questions, or they send reset information to an alternate email address, or they send something to your phone.

The hacker had access to your information

The hacker could have seen all of that. He could have set all of that so that when you change your password (and regain access to your account), the moment the hacker notices this, all he has to do is say, "Hey, I forgot my password," and the password reset might get sent to an alternate email address he set.

The password reset might now be secret questions that he has set the answers to; the reset might involve the telephone that he has changed to be his number instead of yours in the account information.

Time to change everything

So the kind of things that you want to be changing or verifying to make sure that they are still set to what you expect them to be are: your alternate email address (to which password reset information might be sent), your secret questions, and their answers.

If the answers are visible, change them. Change them now. Change them to something else or choose different secret questions. If they were visible to you, then the answers were visible to the hacker while he had access to your account. Any telephone, mobile, or cellular information (to which reset information might be either phoned or texted) should be verified. Billing information sometimes is used for this.

Make sure that billing information (your home address, your credit card numbers, that kind of thing) to the extent that they are visible, have not been changed and are still yours. So changing your password is most definitely not enough. Those are the kinds of things to be looking for.

If the email, the spam, that you're receiving is definitely from his account, then he definitely needs to be looking at this.

There are definitely some other scenarios where spam can look like it came from somebody else where their account is not hacked; but if it's you and your friends (that are all in his address book), chances are his email account was hacked for awhile and he needs to go in and change all of that information.

Next - Where are canceled or failed downloads stored?

Article C5166 - April 4, 2012 « »

Share this article with your friends:

Share this article on Facebook Tweet this article Email a link to this article
Leo Leo A. Notenboom has been playing with computers since he was required to take a programming class in 1976. An 18 year career as a programmer at Microsoft soon followed. After "retiring" in 2001, Leo started Ask Leo! in 2003 as a place for answers to common computer and technical questions. More about Leo.

Not what you needed?

1 Comment
Chuck
April 6, 2012 5:38 PM

I would add one thing: change the security answers even if they are not visible. Why? Because the hacker could have made note of what the questions were, but changed the hidden answers. So just because they're the same questions doesn't mean the answers haven't been changed. And if they were changed, you wouldn't even know it because the answers are hidden ...

Comments on this entry are closed.

If you have a question, start by using the search box up at the top of the page - there's a very good chance that your question has already been answered on Ask Leo!.

If you don't find your answer, head out to http://askleo.com/ask to ask your question.