Protecting Your Email from Exploits: Yahoo Mail Incident
On Monday, my email was compromised due to an XSS vulnerability present in Yahoo Mail. I immediately changed my password, but I am unsure if this is enough. Do I need to delete my cookies and take any other precautions?
Answer
Changing your password is enough to prevent the attacker from regaining access to your Yahoo Mail account. However, it is recommended to take additional precautions to ensure the security of your account.
First, consider changing your security questions or recovery questions. This will make it harder for the attacker to gain unauthorized access to your account in the future.
Second, set up a mobile number for password resets. This provides an extra layer of security and ensures that you can regain access to your account even if you forget your password.
Deleting your cookies is not necessary in this case, but you can do so if you prefer. It is unlikely that the attacker gained access to your account through cookies.
It is important to note that if you used the same password on any other websites, you should change it on those sites as well. This prevents the attacker from accessing your accounts on other platforms.
In some cases, the attacker may have been able to access other accounts you have on other websites. If you stored passwords for other websites in your Yahoo Mail inbox or any mailboxes on your Yahoo account, the attacker could have viewed them. Similarly, if you use your Yahoo email address as the email address for accounts on other websites, the attacker could have used the password reset functionality on those sites to gain access to your accounts.
To mitigate this risk, it is recommended to log in to every other account you have on other websites and change the password for each account. While this may be a time-consuming process, it is a necessary precaution to protect your accounts from unauthorized access.
Overall, it is important to take immediate action when your email account is compromised. By following these tips and precautions, you can prevent further damage and ensure the security of your email.