If you have been hearing about the Yahoo.com email account breach and changed your password – great!
WARNING – If you have an Att.net account and you stepped through the uVerse/att.net account password change your password has NOT been updated at Yahoo.com.
A little Test
To verify your password was changed or not changed follow these steps:
- [Log into att.yahoo.com – change your account password (redirected through att.net site)]
- [Log out and back into att.yahoo.com – verify that your new password is set and enforced at att.net. Your yahoo/att email is accessed here via new password.]
- [Navigate to yahoo.com – log in with old password. Success. You can still access your yahoo email via your old account password. This is not good.]
If the password was in fact updated you should not be able to log into yahoo.com directly with your old password.
Use the images above to remind yourself that you are logging into att.net or yahoo.com directly.
What is going on?
Well it appears that the password and account update that att.net should be sending to yahoo.com just isn’t happening. Yahoo.com never gets the message that you now have a new password and goes along letting you continue to log in with your old one.
What is att.net & yahoo.com doing? Will they fix it?
Bug reports were submitted last month. The only response was “we will inform the team.”
We have yet to see anything change and millions of users could still think they are secure when in fact they are not.
So far it looks like neither company is doing anything.
OK, what Should I Do?
Leave yahoo.com. Simple and straightforward.
Setup a gmail.com account and use the internal account migration tools to get your data off yahoo.com.
Delete your yahoo account info and close up shop. They have been extremely slow in even acknowledging the initial data breach and I suspect they will be even slower in fixing this issue.