Yahoo account hacked with strange circumstances; what should I do?

[ryko]

I have the usual "my account was hacked and spam was sent to all my contacts" problem, but mine is a little different. Not only did the hacker spam all my contacts, but s/he then deleted all my contacts, and all the e-mails in my inbox! Plus the preferences I had set for my account (like using Classic Mail rather than the newest version, and having Chat set as "invisible") were all changed.

Luckily, some of the deleted contacts were still in the "deleted contacts" folder, so I was able to reinstate those and contact some of them to let them know what happened. But I have no idea who else the spam was sent to, and how I can fix this.

So far, I've changed my password, and I've checked all the other account information, and my alternate e-mail addresses are all as usual. I assume I will have to close this account, but I can't do it right now because I need to locate all my contacts first (and try to remember who they all were). What can I do to avoid this kind of incident in the future? And why did the hacker delete my entire inbox and all my contacts? None of the other e-mails in specific folders were deleted, only the inbox e-mails.

Also, the e-mail sent from the account was asking for money (I was in Spain and needed money to help a friend). Could I be prosecuted for something like this if someone reports me for fraud? I'm a little worried about that (though there is probably a small chance of that happening) because I'm sure some of the contacts who received the e-mail were large businesses with whom I've had occasional contact, and they may be less tolerant of requests for money.

[LiquidZero]

In all likelihood, you SHOULD delete your account.

Your hacker more than likely deleted all of your contacts as a joke, warning, or just because. There's also the possibility that your hacker inadvertently added their own address to your contacts list when sending a message from your email account.

Your hacker may have cleared your inbox after sending and receiving a self-made message to and from themselves to check open ports, protocol, or to view advanced administrative handling of mail through the gateway. It's possible that if the hacker obtained enough information, and administers the right antilogarithm in a script or a program, that they will be able to send mail messages from your account without ever having to log into it ever again.

The good news is: No, if you didn't do anything illegal yourself with sending emails about sending money or whatever, then you will not be prosecuted. "Why?" you ask. Well, the IP address is the reason. Every computer connection has a specific IP address. While two IP addresses may be the same, no two IP addresses AND domains are the same. So, if your hacker used your email inbox and outbox to commit fraudulent actions, your IP address was never used; meaning you have nothing to worry about.

All-in-all, delete the account. Create a new account. Change your password frequently (once or twice a month is good, once a week is an excellent idea). Use a strong password when creating a password. Keep your email address hidden from the public: If you're on a social network like Facebook, Buzz, Twitter, etc.. opt to never receive notifications and not let your address be visible. Keep your email address off of ads like Craigslist. Don't sign your email address into fields to receive "free" or "promotional" information or "you win" some crap that you'll have to fill out thousands of surveys for. Treat your email address as you would a social security number and only give it to the people that need it. If you're creating a new account for a web site, use a secondary address to keep your email box clean of third-party sites, ads, and links.

Strong Passwords -->
Strong passwords consist of more than eight (8) characters, using multiple types of characters. Using "b" and "B" makes a significant difference. Use punctuation, numbers, and different cased letters. Write a sentence instead of a word. Example: "password" is not a strong password. "mY passwOrD is No. 1!" is a strong password. "kathycat" is not a strong password. "Kathy_Cat1181" is a strong password.