SAN FRANCISCO (KPIX 5) — When Yahoo announced last week it had suffered a massive security breach that compromised 500 million accounts, the company advised customers to immediately change their passwords.
But some Yahoo customers are saying that’s easier said than done.
Art Stryer is one of the them. The Bay Area retiree says as soon as he heard about the hack, he tried to change his Yahoo password. But, Stryer, whose Yahoo account is merged with his AT&T account, hit a roadblock.
“When I went to Yahoo to change the password, it wouldn’t allow me to do it,” he said. “I could change the password of the AT&T account, but not the password of Yahoo.”
Calling both companies for help, didn’t help either.
“I spoke with people at support centers for AT&T and Yahoo and they each referred me to each other,” Stryer said.
“Not being able to change their passwords right away is dangerous,” according to CNET’s Laura Hautala. She says while the compromised information was encrypted, customers, particularly those with common passwords, are still vulnerable.
“If you have an easy-to-guess password or if they’re [the hackers] persistent enough, they could break that scrambled-up code,” Hautala said.
Concerned about his inability to change his password, Stryer reached out to Consumerwatch, and we reached out to AT&T. The company’s Matthew Cross told us “the best solution is to ‘Unmerge’ the AT&T and Yahoo accounts.” It’s a six-step process you can find here: https://www.att.com/esupport/article.html#!/dsl-high-speed/KM1047015
But that’s not the only headache to result from the massive breach.
Hautala says “some people may have Yahoo accounts and not realize it.”
She says customers with AT&T or SBC Global email addresses may also be affected, even if they never had a Yahoo address.
“When they set up their AT&T account with broadband or other services, they had an option to create an email account that was running through a Yahoo server,” Hautala explained.
CNET says the option dates back to a 15-year-old partnership between AT&T and Yahoo.
In a statement AT&T told KPIX 5: “Yahoo! is notifying all of our potentially affected customers, but we are taking the extra step of sending an additional reminder to those customers to change their passwords.”
Hautala’s advice? Change all your email account passwords frequently, even if they don’t have a Yahoo address.