So, recently my email account got "borrowed" to send all my contacts weird links. What a hassle, huh? After I let my colleagues know about this, and that I had fixed it, I got an email from a sweet, older man. He said the same thing had happened to him, but he had no idea what to do. He wondered if I could tell him what I did.
After I emailed him back, I thought that this information might be useful to others as well. Thus I'll post it here, and hope that your own security is quickly restored.
I noticed my account was wrong when I had 18 emails telling me that MailerDaemon failed to deliver. Deliver emails I never sent. What the what? Oh uh.
The first thing I did is go to Google and type My Yahoo Mail got Hacked into its search bar. Then I read a variety of the question/answers and articles I found describing what to do in this situation.
Next, I went back to my email and accessed Account Info found under the Hi,Yourname sign in icon. Under Account Info, I selected Contact Info and checked to make sure that no one had added an unauthorized phone number or email contact that they could use to monitor my account activity. They hadn't so that reassured me. If they had, I would have deleted those.
I also searched under Choose How Yahoo Contacts You and made sure that none of my contact info had been changed.
Under Sign In and Security, I clicked View Your Recent Sign In Activity. There I could see lots of California browser access hits from me, and two from India. So I knew the time and day they had accessed my account which was about five minutes before emails started going out from it. Now I'm checking that about twice per day to make sure that there is no more unauthorized access from odd places, which there has not been.
That makes me feel like they got in, sent emails, got blocked by Yahoo, and moved on. I noticed that Yahoo had increased security measures on my account, making me enter captchas for each email I wanted to send right after the hacking. So I felt like Yahoo had also noticed the spamming and restricted access.
I mentally reviewed all the data I have ever sent from this account. None of it included SS numbers or credit card/banking info, so I wasn't too worried about them accessing that. I also have different passwords for all of my other online activity so even if they had my password they couldn't get into any other accounts.
I noticed that India accessed my account through a Yahoo Partner Application. I'm not even sure what that is, probably Yahoo calendar or instant messaging, etc. Since I only use my account as boring old email and I mostly use a laptop, never a smartphone, I didn't need access to anything else. So I went into Manage App & Website Connections. I deleted the connections for Yahoo Partner Applications and Mobile Devices. I hope that stopped the hole right there.
Finally, I changed my current password to an even stronger one made up of random words that make sense to me with numbers and capitals interspersed. So far, it seems to have solved the problem and my account is working fine.
And below is a link that I promise is NOT spam that will take you to a funny but very useful math web-comic strip that shows how computers hack passwords and how to make a very strong but easy to remember one.
I hope this helps you too! :)