Yahoo Security Breach – won’t update passwords

If you have been hearing about the email account breach and changed your password – great! 

WARNING – If you have an account and you stepped through the uVerse/ account password change your password has NOT been updated at Log In

A little Test

To verify your password was changed or not changed follow these steps:

  1. [Log into – change your account password (redirected through site)]
  2. [Log out and back into – verify that your new password is set and enforced at Your yahoo/att email is accessed here via new password.]
  3. [Navigate to – log in with old password. Success. You can still access your yahoo email via your old account password. This is not good.]

Yahoo - login

If the password was in fact updated you should not be able to log into directly with your old password.

Use the images above to remind yourself that you are logging into or directly.

What is going on?

Well it appears that the password and account update that should be sending to just isn’t happening. never gets the message that you now have a new password and goes along letting you continue to log in with your old one.

What is & doing? Will they fix it?

Bug reports were submitted last month. The only response was “we will inform the team.” 

We have yet to see anything change and millions of users could still think they are secure when in fact they are not.

So far it looks like neither company is doing anything.

OK, what Should I Do?

Leave Simple and straightforward. 

Setup a account and use the internal account migration tools to get your data off

Delete your yahoo account info and close up shop. They have been extremely slow in even acknowledging the initial data breach and I suspect they will be even slower in fixing this issue.



Leave a Reply