Ok, I’m really confused about what’s going on. I’ve been bombarded all night by emails with yahoo verification codes from somebody attempting to log into my yahoo account (which I only have for testing email to my mailing list) from Minnesota.
I looked up my yahoo account on “have i been pwned” and it shows up on breaches of sites I am 100% sure I’ve never used my yahoo account on, like Evony and MySpace, as well as a bunch of hackers.
So I changed my password (which caused me to get another email to my real email address with a verification code, which interestingly was 4 characters instead of the 8 characters that the ones from Minnesota have had). But also interestingly, you only get the verification address after you’ve entered a correct password. Ok, maybe one of those breaches included the correct password. But I also checked my “account activity” and didn’t see any other logins.
So imagine my surprise when I continued to get verification codes. Somebody is still getting to that stage of the login even though I’ve changed my password? How?
I checked the verification emails and they look legit. All the links go to actual yahoo domains. The JavaScript that’s embedded doesn’t look like it redirects any clicks. And I did not click on them, I went directly to yahoo.com.
I checked all my account settings. There are no other email addresses or phone numbers in the account, nor is my email being forwarded somewhere. The only weird thing is that there are absolutely no messages in the Archive or Spam or Inbox. Last time I logged into this account (many months ago), there were literally hundreds of spam messages. Also, there seems to be a very long delay between a test message being sent and it arriving in my yahoo mailbox.
I am completely baffled as to what’s happening. Is my yahoo account completely pwned and being used by somebody else, or the verification emails bogus and I’m concerned over nothing?