Yahoo reported on its official blog that it "identified a coordinated effort to gain unauthorized access to Yahoo Mail accounts." It’s unclear how many Yahoo email accounts were compromised. Since Yahoo chose to publicly disclose this news, it seems likely that it affected a large number of users. According to Yahoo’s blog post, the passwords of impacted accounts have been reset to protect customers.
This incident is an important reminder for those who bank online to keep secure not only your online bank passwords, but also your email account passwords. Email has become an important communication channel for banks. The emails sent by banks don’t contain full personal information. However, they often do contain some personal information that could help hackers if they are able to access your email.
There are steps that you can take to reduce the risk of hackers gaining access to your email and bank accounts. The Yahoo blog post has some useful tips that are applicable to both email accounts and to bank accounts:
In addition to adopting better password practices by changing your password regularly and using different variations of symbols and characters, users should never use the same password on multiple sites or services. Using the same password on multiple sites or services makes users particularly vulnerable to these types of attacks.
The above advice is important for both your email accounts and for your online bank accounts. You should not use the same password on multiple sites, and that’s especially true for questionable sites. I often come across some new cool website like a discussion forum which requires a password to register and to fully access the site. That site will probably not be as secure as sites like your internet bank. So make sure that you use passwords significantly different from the ones you use for your online bank or email account.
Banks Email Lots of Information That Could be Useful to Hackers
When you establish an online account at a bank or credit union, you are typically required to provide an email address. That email address will be used by the bank to send out notifications and account alerts. These emails should not contain sensitive information like full account numbers, but they often contain details that could help hackers. For example, Ally and FNBO Direct email alerts to customers when an online transfer executes. Ally’s email contains the amount that’s transferred and the name of the other bank. There is no way to disable this notification. FNBO Direct’s email contains this same information and in addition it contains the last four digits of both the customer’s FNBO Direct account number and the customer’s other bank account number.
In addition to notifications and alerts, many banks are using email as an extra layer of login security. To access your bank account, you not only have to enter your username and password, but you also have to enter a security code. That security code is automatically generated by the bank and sent to either the customer’s email account or to the customer’s phone. If a hacker has access to the customer’s email account, they may then get access to this security code. These security codes usually expire within minutes so the risk is low. Nevertheless, if the hacker can see this security code, it does make it easier for the hacker to access the customer’s bank account. If your bank gives you a choice on where your security code is sent, your phone is probably the safer choice.
I’m still confident in the safety of online banking. If you take prudent safety precautions, the chance of hackers accessing your bank accounts is low. One of the important precautions is maintaining a secure password. How careful are you with your bank and email passwords?