Yahoo’s advice is to change your password, but there are several more security settings to change as well as just your password. This Help page has more information, stated clearly, with several links to clarify the steps.http://help.yahoo.com/kb/index?page=cont…
and more at http://help.yahoo.com/kb/index?page=cont…
1. FIRST, check that the alternate e-mail address/mobile phone number is still yours, under Options, Mail Options, Account Information, but then change the alternate address, so the hacker will not be notified of the change! Check the ‘Reply To:’ address, Vacation Response and other linked Mail accounts as well to be sure they are still yours. Check and delete any Contacts, accounts and linked social networking sites you do not recognize.
2. Then change both your password AND your secret questions and answers. Make the password a long, strong one with mixed characters! Length = Strength for passwords! Start with a sentence and make substitutions with numbers, symbols and punctuation. Go to “Update password-reset info” to change your Secret Questions and Answers. Make sure they are unchangeable, unique, and easy for you to remember. For a Yahoo account, you can change your password at https://edit.yahoo.com/config/change_pw. If you can no longer access your account, you can get a new password at https://edit.yahoo.com/forgotroot/.
See http://strongpasswordgenerator.com/ for more tips on creating a strong password(and what NOT to use) OR http://www.informationweek.com/langa-let…
3. *** If spam mail was sent to any of your contacts, apologize, and notify all your contacts NOT to open short e-mails, especially those with no subject, and definitely not to click any links. Warn them to change their passwords and scan for malware too, just in case. (The limit is 100 addresses per mail, and 200 per hour, but send to far fewer than that in each message, just in case you trigger Yahoo’s spam ‘suspicious activity’ detector.) Set up an alternate ‘alias’ account to use instead. This allows you to use a different address for sending, but still keep all saved mails and contacts and the first address active too for incoming mail. Your friends can trust this new address! There is a choice of address in an arrow in the From: box. Also add a signature to your mail so your friends will be sure the mail is really from you …http://edit.yahoo..com/config/list_alias (alternate address)
*** Changing your password also deletes the cookie which apparently inserts that sly trojan address grabber that sends spam to your Contacts list. ***
If you used this password for other accounts, change them too – make every one different. Make the password much longer than 8 characters, with mixed symbols.
Usually, this is all you need to do, although mail will still be sent in the name of the old account for a short while – there’s nothing you can do about that. Once spammers have a valid address, they continue to use it, even after the account is closed/deleted!
Answers is a Jungle