Federer and Del Potro
Bionic Poster
Are any of you getting strange emails from Yahoo as of late? Emails that give you a verification code from different states that make it look like someone is trying to breach your account?
I got it on two separate accounts I use and they look legitimate - but the weird thing is there is no evidence of either account actually being accessed - no unknown devices - no information changes (which Yahoo lays out pretty clearly and concisely and it cannot be deleted so one cannot cover their tracks).
I cannot tell if it is a credential stuffing attempt and X amount of wrong logins prompts the email, or if someone actually had my username/password and that code acted as the final defense mechanism toward the account being taken over. What makes zero sense though is why would that code be sent to the email that is trying to be breached LOL - that makes zero sense. If someone is trying to brute force in or if I didn't have access to my account and the only way to get in is by typing a code sent to...that account....I'd never be able to get in. It SHOULD be going to your back-up emails on file.
If you guys/girls have Yahoo accounts - I implore you to check for these shady messages and change your passwords accordingly. Yahoo did have quite a sizable breach and data leak not too long ago. Surfing around the internet a bit I have found that this is NOT a problem that is limited to just me. So be vigilant and check your accounts.
My main concern is less about the email itself and more about the subsequent accounts attached to the email - Paypal, Venmo, social media, my ttw account (!!!!) etc. Your accounts are only as safe as your emails that are tied to them. I have 2 factor on everything but you can never be too careful.
If any of you have gotten these bizarre emails please let me know. It seems to be Yahoo related only.
The email will read something like "Your Yahoo verification code is XXXXX -" then it will show you some IP that is very obviously not yours.
Edit: I was able to replicate the email. If you select 'trouble signing in' and then enter your email the code will go to your primary email. That would seem to indicate it is indeed credential stuffing. Someone probably has a bot mass typing in emails that prompt the code emails to be sent. The good news is that likely means passwords/the like are not compromised..just that your email is known (which is unavoidable). The weird thing is I don't see how that would achieve anything. I don't see how sending that email to accounts is going to get them any chance of access.
I would still recommend anyone with Yahoo to change their information. Can never be too careful.
I got it on two separate accounts I use and they look legitimate - but the weird thing is there is no evidence of either account actually being accessed - no unknown devices - no information changes (which Yahoo lays out pretty clearly and concisely and it cannot be deleted so one cannot cover their tracks).
I cannot tell if it is a credential stuffing attempt and X amount of wrong logins prompts the email, or if someone actually had my username/password and that code acted as the final defense mechanism toward the account being taken over. What makes zero sense though is why would that code be sent to the email that is trying to be breached LOL - that makes zero sense. If someone is trying to brute force in or if I didn't have access to my account and the only way to get in is by typing a code sent to...that account....I'd never be able to get in. It SHOULD be going to your back-up emails on file.
If you guys/girls have Yahoo accounts - I implore you to check for these shady messages and change your passwords accordingly. Yahoo did have quite a sizable breach and data leak not too long ago. Surfing around the internet a bit I have found that this is NOT a problem that is limited to just me. So be vigilant and check your accounts.
My main concern is less about the email itself and more about the subsequent accounts attached to the email - Paypal, Venmo, social media, my ttw account (!!!!) etc. Your accounts are only as safe as your emails that are tied to them. I have 2 factor on everything but you can never be too careful.
If any of you have gotten these bizarre emails please let me know. It seems to be Yahoo related only.
The email will read something like "Your Yahoo verification code is XXXXX -" then it will show you some IP that is very obviously not yours.
Edit: I was able to replicate the email. If you select 'trouble signing in' and then enter your email the code will go to your primary email. That would seem to indicate it is indeed credential stuffing. Someone probably has a bot mass typing in emails that prompt the code emails to be sent. The good news is that likely means passwords/the like are not compromised..just that your email is known (which is unavoidable). The weird thing is I don't see how that would achieve anything. I don't see how sending that email to accounts is going to get them any chance of access.
I would still recommend anyone with Yahoo to change their information. Can never be too careful.
Last edited:
. Excellent .
.
