Yahoo mail seriously hacked!


Raven
Jul 12th, 2012, 08:56 PM
My apologies... this is more than a MAC issue, but I need your good advice, kind folks! :-)

I sit on a committee that is hosting an international conference this October. We send out email notices to some 600 candidates every few weeks. Dozens have registered online. We have been communicating with many others using a Yahoo Mail account. Yesterday, people advised us that they received an email from me, as Event Manager, that I was ...on vacation in Spain, very sick and needed money to come back home... send money, yadda.

We logged into our account and noticed that the SPAM was coming from Nigeria! Immediately we changed our password, which Yahoo says should stop that. BUT all our IN and SENT emails are gone and our complete 600 name database! We can't even email those folks to apologize and tell them what happened.

Yahoo has a reporting procedure for Spam which we've done. I've called their toll free number and they steer us back to Yahoo Help online. Who knows when and how they will reply. I've noticed there have been no new incoming emails. When I try to send ONE new email, it shuts me down due to "suspicious activity on the account".

Any idea how to deal with this? Our database of names must still be out there, I hope!
Is there some way or someone who could access our address book and previous emails?
Is there a way to reach a live person at Yahoo?
This has seriously compromised our event!

eMacMan
Jul 12th, 2012, 10:18 PM
A couple of thoughts here that sadly are too late for the OP. Perhaps this thread will encourage others to take the needed steps to make sure they are not similarly victimized.

1) Use very robust passwords on any eMail account. Yes it is a pain but the simpler the password the easier the hack.

2) Never ever use the cloud for an important database. Be sure it is backed up on your main computer, backed up again, then printed with copies stored offsite.

Hopefully Yahoo will find a back-up that predates the hack, perhaps at a price. However as you have discovered Yahoo does not exactly encourage communications with its users.

Perhaps someone here has an eMail addy or phone number of someone at Yahoo who can actually help you and who has not been pink slipped.

WestWeb
Jul 12th, 2012, 10:48 PM
Wow, that's terrible Raven.

I don't suppose your contacts are still in the Yahoo "deleted contacts" list?

Edit = I wonder if it had anything to do with this: Yahoo investigating leak of 450,000 passwords, user IDs - Technology & Science - CBC News (http://www.cbc.ca/news/technology/story/2012/07/12/tech-yahoo-password-leak.html)

Anyways, judging by the fact that Yahoo was susceptible to a simple MySQL injection attack, I would recommend switching to Gmail when you get the chance.

Raven
Jul 13th, 2012, 01:27 AM
Westweb,
No contact list anywhere!
Tried gmail before, but it's too fussy when you want to send many (legitimate) emails. Too late for that anyway.

How to restore our emails?
How to restore contact list?
How to contact a live person at Yahoo?

latitude50
Jul 13th, 2012, 07:24 PM
I got informed today of something going on from my 1Password Twitter page (Agile Blog). They said this:

July 11th, 2012
Yahoo! Voices Website Breached 400,000+ Compromised

It looks like there could be some relevance here to your problem, I don't know, but here is a link you may want to look at regarding the leak...

http://tinyurl.com/7sra33j

Following is Agile's response to what they think has happened regarding security...

Friends don’t let friends reuse passwords | Agile Blog (http://tinyurl.com/8x92f8n)

Somewhere in all that you will see that Yahoo doesn't even encrypt any of the usernames or passwords, etc. It's hard to imagine.
Good luck.

pm-r
Jul 13th, 2012, 08:12 PM
Raven, if you were among those using any Yahoo! Voices type accounts, you can do a partial search for your address (it's recommended not to use the full address when searching) and see if you're included on the list at:

Yahoo! cleartext passwords (http://dazzlepod.com/yahoo/)

"The data breach only applies to VOICE users. Normal mail users are not affected. …"
Comment post:
Yahoo hacked: Gmail, Hotmail users could be at risk after 400,000 passwords stolen | News | National Post (http://news.nationalpost.com/2012/07/12/gmail-hotmail-users-could-be-at-risk-after-hackers-steal-400000-yahoo-passwords/)

It seems that a few other user email accounts including Google Inc, AOL Inc and Microsoft Corp services have also been compromised and are advising such users to change their passwords.

"Some logins for Google Inc, AOL Inc and Microsoft Corp services were among those compromised. The three companies said they required affected users to reset passwords for sites including Gmail, AOL, Hotmail, MSN and Live.com."

Yahoo breach puts users of other sites at risk | News | Tech | Toronto Sun (http://www.torontosun.com/2012/07/12/yahoo-reports-theft-of-400000-accounts)

vancouverdave
Jul 13th, 2012, 10:00 PM
I am not clear how it is that Yahoo has Gmail and Hotmail passwords of their users...

pm-r
Jul 13th, 2012, 11:50 PM
I am not clear how it is that Yahoo has Gmail and Hotmail passwords of their users...

I was wondering the same thing and maybe one of the 'net networking gurus will add some logical explanation.

I'm guessing that it's got something to do with some sort of the particular 'net servers and some users accounts sharing and access or something.

G-Mo
Jul 14th, 2012, 07:22 AM
I am not clear how it is that Yahoo has Gmail and Hotmail passwords of their users...

Users are often asked to provide a secondary email address (and use Gmail or Hotmail) and use the same password?

rgray
Jul 14th, 2012, 07:42 AM
I am sorry but there are so many things wrong with this scenario as described I don't know where to start.

Actually not true - I do know. The performance you are receiving from the Yahoo mail account is entirely what you should have expected!!!!! Yahoo accounts are notorious for being hacked, sources for spam and phishing attempts of all kinds. They are the worst, most permeable and, next to a hotmail address, have the cheesiest 'optics' in the industry. Want to lower your profile? Use Yahoo!!!!!

You say you are on a committee organizing an "international conference".......... Just how small and insignificant is this conference? Most such endeavours have an identity or their own domain. Why would the committee not contract with any number of legitimate ISPs for email service on that domain at a line item of about $100/annum in the budget. Who the hell advised using Yahoo? and who the hell thought up keeping the only copy of the email list in the mail account itself? I hope the committee hasn't been paying anyone for this advice.

G-Mo
Jul 14th, 2012, 08:25 AM
i am sorry but there are so many things wrong with this scenario as described i don't know where to start.

Actually not true - i do know. the performance you are receiving from the yahoo mail account is entirely what you should have expected!!!!! yahoo accounts are notorious for being hacked, sources for spam and phishing attempts of all kinds. They are the worst, most permeable and, next to a hotmail address, have the cheesiest 'optics' in the industry. Want to lower your profile? Use yahoo!!!!!

You say you are on a committee organizing an "international conference".......... Just how small and insignificant is this conference? Most such endeavours have an identity or their own domain. Why would the committee not contract with any number of legitimate isps for email service on that domain at a line item of about $100/annum in the budget. Who the hell advised using yahoo? And who the hell thought up keeping the only copy of the email list in the mail account itself? I hope the committee hasn't been paying anyone for this advice.

+1

MacDoc
Jul 14th, 2012, 09:38 AM
We get yahoo compromised mail all the time :( and have to alert the client that is affected.

That mail to us usually contains many mail addresses ( never bothered to look ) so the OP might be able to retrieve the addresses if anyone of his contacts has kept the mail sent by the spammer.
Don't know the send out limits on Yahoo

eMacMan
Jul 14th, 2012, 10:02 AM
We get yahoo compromised mail all the time :( and have to alert the client that is affected.

That mail to us usually contains many mail addresses ( never bothered to look ) so the OP might be able to retrieve the addresses if anyone of his contacts has kept the mail sent by the spammer.
Don't know the send out limits on Yahoo

I believe ≤20 is the magic number.

BTW one of Yahoo's (and I suspect other free eMail accounts') major vulnerabilities is secondary passwords. Older account users were forced to select these on the fly, and since it came as some surprise, often did not put nearly as much thought into them as the Primary Password. To make things worse, as near as I can figure out these secondary passwords are nearly impossible to change, especially if you have long since forgotten them. The real irony here is that if you have forgotten or lost that main password, the chances of recalling the secondary PWds are somewhat less than nil.

Edit: Click on your User Name when logged into your eMail, you can strengthen the secondary passwords there. Be sure the answer bears no relation to the question. For example answering "Honda" to "First Motorcycle Make" is gonna make for a very easy hack indeed.

HowEver
Jul 14th, 2012, 11:29 AM
Yahoo users are asked to update their secondary information once in a while. Even when not asked, it's very easy to change this information.

But people give stupid answers: "What street did you first live on?" and they'll give the actual answer. Not only should the answer not be obvious, it should be something entirely different, and as complicated as any password should be: a mix of upper and lower case letters; numbers; diacritical marks.

Except for the hacking as above, this isn't a Yahoo problem. It's a password problem.

eMacMan
Jul 14th, 2012, 11:37 AM
Yahoo users are asked to update their secondary information once in a while. Even when not asked, it's very easy to change this information.

But people give stupid answers: "What street did you first live on?" and they'll give the actual answer. Not only should the answer not be obvious, it should be something entirely different, and as complicated as any password should be: a mix of upper and lower case letters; numbers; diacritical marks.

Except for the hacking as above, this isn't a Yahoo problem. It's a password problem.

Agreed. However the secondary passwords are not case sensitive meaning it is more critical than ever to include numbers and diacriticals. Also the longer the PWd, the harder the hack.

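As an added example (not from any poster in this thread), a Python sketch of eMacMan's point: when the secondary password is compared case-insensitively, mixed case adds nothing, so only length, digits and accented characters raise the guessing cost. The keyspace estimate, the tiny dictionary and the accented-letter count are assumptions constructed for illustration.

```python
import math
import secrets
import string
import unicodedata

# Constructed mini dictionary standing in for the word lists a guessing
# attack would try first ("Honda" for "First Motorcycle Make" lives here).
COMMON_ANSWERS = {"honda", "yamaha", "main", "first", "oak", "password"}

# Lowercase letters, digits and a few accented letters: every character
# survives case folding unchanged, so nothing is wasted on a
# case-insensitive check.
ANSWER_ALPHABET = string.ascii_lowercase + string.digits + "àéîõüç"


def fold_case_insensitive(answer: str) -> str:
    """Normalise the answer the way a case-insensitive checker sees it."""
    return unicodedata.normalize("NFC", answer).casefold()


def effective_bits(answer: str, case_sensitive: bool = False) -> float:
    """Rough keyspace estimate in bits.

    Assumption: each character is drawn uniformly from the union of the
    character classes present. Dictionary answers get only the bits of the
    dictionary, whatever their spelling or capitalisation.
    """
    text = answer if case_sensitive else fold_case_insensitive(answer)
    if fold_case_insensitive(text) in COMMON_ANSWERS:
        return math.log2(len(COMMON_ANSWERS))
    classes = 0
    if any(c.islower() for c in text):
        classes += 26
    if case_sensitive and any(c.isupper() for c in text):
        classes += 26          # under case folding this class never exists
    if any(c.isdigit() for c in text):
        classes += 10
    if any(c in string.punctuation for c in text):
        classes += len(string.punctuation)
    if any(ord(c) > 127 for c in text):
        classes += 30          # assumption: ~30 commonly typed accented letters
    return len(text) * math.log2(classes) if classes else 0.0


def random_answer(length: int = 14) -> str:
    """A secondary-password answer unrelated to the question, built only
    from characters that keep their strength under case folding."""
    return "".join(secrets.choice(ANSWER_ALPHABET) for _ in range(length))


if __name__ == "__main__":
    for candidate in ("Honda", "hOnDa", "Tr0ub4dor", random_answer()):
        print(f"{candidate:16} case-insensitive {effective_bits(candidate):5.1f} bits"
              f"  case-sensitive {effective_bits(candidate, True):5.1f} bits")
```
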
IllusionX
Jul 14th, 2012, 12:30 PM
Hmm.. nothing better than random passwords..

Security Guide for Windows - Random Password Generator (http://www.pctools.com/guides/password/)

mgmitchell
Jul 15th, 2012, 06:09 PM
Just deleted a Yahoo! e-account. No need to carry around multiple addresses. I was getting silly. Now, just a Gmail account because of blogs and free phone calls/chats, and I found GMX, which seems clean and simple enough.
/M.

Raven
Jul 15th, 2012, 10:44 PM
Here's a wrap up to our problem FYI.

YAHOO MAIL ACCOUNT HACKED. LOST ALL EMAILS & CONTACT LIST.
FYI. SUMMARY OF WHAT HAPPENED...

1. Went to Yahoo Help to read up on Spam and Email Abuse.

2. Changed to stronger password to stop further intrusion.

3. Posted to Yahoo Answers for help. Useless.

4. Submitted official forms to Yahoo to restore emails and contacts.
They say they will get back to you in 24-48 hours. Didn't happen!

5. Posted my questions on several Mac Help Forums how to recover valuable information.

6. Tried gethuman.com. Interesting site. Not much help for Yahoo... No phone no. or live chat!

7. Thanks to Xair at Techsurvivors.net - he gave me a toll free number to call.
1-866-562-7219... You get a choice of voice mails that steer you back to Yahoo Help. Useless.

8. Thanks again to Xair at Techsurvivors.net - gave me a direct Yahoo number to call - 408 349 3300. After trying numerous extensions and mostly voice mail, I finally found a live operator !!! But she would transfer me to - more voice mail with more prompts and back to Yahoo Help again. 3 times!

9. Called back and kept trying different extensions until I got to talk to... Ron! He was able to restore my 697 contacts!!! Yeah! :-)

10. Ron then referred me to Yahoo Chat and live texting (Luke) to restore all lost emails.
He tells me he gets one chance to tap into the server to find emails at a certain point in time. Any attempt to restore after 48 hours has a slim chance of success. I explained that I submitted a Restore Form to Yahoo within hours of the hacking. There had been no reply. Apparently my form was sent to the wrong department. Go figure. :-(
Luke was very polite and made that one attempt. No emails became visible. Lost forever! Aaargh.

11. Yahoo sent me a customer survey. Other than the fact that it took 2 solid days to find someone live to talk to, the two guys were polite and helpful. I have my contact list again and our conference is back in business.

12. Lessons learned...
Use better email system.
Keep copy of Contact list elsewhere.
Back up important emails.
Techsurvivors.net was the most helpful in the fastest manner.

THANK YOU, THANK YOU!!

(Aside... I'm a Downhill Ski School Director on the side. When a student comes for a lesson whether they are a never-ever, intermediate skier who has never taken a lesson and wants to improve because bad habits are holding them back, etc., we NEVER scold them that they did something wrong in the past. We are happy they want to improve. Not everyone is as smart as rgray who posted earlier. That's why people like me post questions here for help. I appreciate any good advice very much. As a novice, I am learning always. EVERYBODY is a novice at one point with everything! Don't assume you know our situation - hosting our first small conference in a small town in wilderness northern Canada without a lot of computer gurus in town, a very tight budget, very limited timeframe, etc. We must continue with what we've got. It has been a learning curve. Regards! )

eMacMan
Jul 16th, 2012, 12:43 AM
Interesting, as I believe Congress expects all eMail servers to keep that data for something like 6 months to a year, yet they cannot restore to an earlier point in time.

Was this Yahoo.ca or yahoo.com?

rgray
Jul 16th, 2012, 07:16 AM
(Aside... I'm a Downhill Ski School Director on the side. When a student comes for a lesson whether they are a never-ever, intermediate skier who has never taken a lesson and wants to improve because bad habits are holding them back, etc., we NEVER scold them that they did something wrong in the past. We are happy they want to improve. Not everyone is as smart as rgray who posted earlier. That's why people like me post questions here for help. I appreciate any good advice very much. As a novice, I am learning always. EVERYBODY is a novice at one point with everything! Don't assume you know our situation - hosting our first small conference in a small town in wilderness northern Canada without a lot of computer gurus in town, a very tight budget, very limited timeframe, etc. We must continue with what we've got. It has been a learning curve. Regards! )

I am sorry if you took what I said as harsh.

And I am not particularly smart, but I do not think that being a novice excuses failure to execute due diligence, especially when taking on projects that involve others. In the case of Yahoo due diligence should not be a problem as all the media coverage on the topic is universally negative. They are always in the news for being hacked (Nearly half a million Yahoo emails and passwords leaked online by new hacker group | Mail Online (http://www.dailymail.co.uk/sciencetech/article-2172558/Nearly-half-million-Yahoo-emails-passwords-leaked-online-new-hacker-group.html)) - you'd have to live in a cave to miss it, or so I thought. Anyone with an inbox has experienced Yahoo's crap - spam, scams, phishing.

Another thing - I can almost guarantee where I live is smaller with less resources so don't assume. For that very reason we learn to look out for ourselves. ;)

Anyway I am glad you got your list back and hope that things work out. :D

FWIW, my downhill instructors ALWAYS have plenty of negatives to say about the bad habits I have picked up in the past...... ;)

WestWeb
Jul 16th, 2012, 02:36 PM
Raven, I'm glad you got that sorted out: you did some good detective work there!

... We send out email notices to some 600 candidates every few weeks...

I have one more piece of advice that may help you in the future. Most people I know of in the web industry that have mailing lists as large as yours are moving to a free service called "Mailchimp" to handle sending out emails in that kind of volume. Not exactly sure what your needs are, but check it out!

Email Marketing and Email List Manager | MailChimp (http://mailchimp.com/)

CoderMummy
Jul 16th, 2012, 05:37 PM
Raven,

I assume you're a Mac user posting here. You may want to set up a second user on your Mac for the sole purpose of using Address Book to manage your growing contact list for this organization. You can further manage your contact list through a CRM program... Bento is my personal tool of choice (it's cheap, easy to use, and effective), but there's lots of choice out there.

Secondly, as WestWeb pointed out, you should be using a mail marketing program to perform your mailing campaigns. Not only will you avoid situations like you just experienced, it will help you manage your mailing list in terms of validity and response rates. MailChimp is probably the best option out there, and it works with a lot of CRM applications on the market.

Good luck.

broad
Jul 16th, 2012, 05:46 PM
I am sorry but there are so many things wrong with this scenario as described I don't know where to start.

Actually not true - I do know. The performance you are receiving from the Yahoo mail account is entirely what you should have expected!!!!! Yahoo accounts are notorious for being hacked, sources for spam and phishing attempts of all kinds. They are the worst, most permeable and, next to a hotmail address, have the cheesiest 'optics' in the industry. Want to lower your profile? Use Yahoo!!!!!

You say you are on a committee organizing an "international conference".......... Just how small and insignificant is this conference? Most such endeavours have an identity or their own domain. Why would the committee not contract with any number of legitimate ISPs for email service on that domain at a line item of about $100/annum in the budget. Who the hell advised using Yahoo? and who the hell thought up keeping the only copy of the email list in the mail account itself? I hope the committee hasn't been paying anyone for this advice.

no idea how you can look at the above message and not wonder how your post was taken as "harsh"

it was kind of a full on raging dink-fest.