ASK Sucuri: What should I do if my email is in the Yahoo Leak?

We love to get questions from you, our readers, in our Ask Sucuri series. If you have any questions about website malware, blacklisting, or security in general, send us an email to: or hit us on Twitter – @sucuri_security.

Yesterday we released a blog post about the Yahoo Leak, and created an online tool to check if your email was exposed in the leak. Since then, we have received hundreds of emails asking what should be done for anyone whose account was compromised.


Question: What should I do if my email was exposed in the recent Yahoo password leak?

The first thing you need to do is change your password. Not only your Yahoo password, but all your passwords, especially (and most importantly) if you re-use passwords across multiple accounts. So if your Yahoo password is the same as your Twitter, Facebook or bank account password, you should change them all immediately.

These are our step-by-step suggestions for anyone who was exposed, has a Yahoo Voice account, has a Yahoo account in general, or simply hasn’t changed their credentials in a while:

  1. Change your Yahoo passwords
  2. Change the password on any site where you were re-using the same password
  3. Or you can go even further and change all your passwords. Now is a good day to do so.

Remember, you should never re-use passwords between sites. Also, we strongly recommend that everyone use a password manager like LastPass, Peguta or 1Pass.

About Daniel Cid

Daniel is the Founder & CTO of Sucuri and also the founder of the open source project - OSSEC HIDS. His interests range from intrusion detection, log analysis (log-based intrusion detection), web-based malware research and secure development.

You can find more about Daniel at his site or on Twitter: @danielcid