I had a bit of a close call recently.
I received an email from Yahoo! that read:
Your password for this account has recently been changed. You don’t need to do anything, this message is simply a notification to protect the security of your account.
The problem was that I didn’t change my password.
Curious to check this wasn’t spam I logged into my account (typing the address by hand) and found I indeed couldn’t login.
Now, by fortune I don’t really have anything that important (semi personal, but nothing anyone can gain from or blackmail me with; I’m not stupid) in my account and don’t have Yahoo! email signed up that a spammer could utilise, but it still scared me.
I couldn’t even reset my password.
If this scenario happens to you, you need to remember this very legitimate email address: firstname.lastname@example.org
Briefly and courteously explain your scenario and you will receive an auto reply for specific account information which you must offer so they can match it to see if it matches previous account owner records. Anything you remember will help.
Within a day I got my account back and seriously buffed up the admittedly shoddy original password (and just so you know, this was my only weak password due to signing up in the slightly more carefree days a decade or so ago).
The lesson of this story is don’t be lax about passwords. Don’t use dictionary words at all costs, especially for sensitive accounts and make them long, mixed cased and mixed charactered. If you worry about remembering passwords, download a free password manager. I was fortunate to have experienced this in a risk-less way, but others may not.