Yahoo said on Wednesday it had discovered a new data breach that occurred in August 2013 and involved data associated with more than one billion user accounts, double the number affected in a different breach disclosed in September.
Yahoo said the stolen user account information may have included names, e-mail addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers. Payment card data and bank account information were not stored in the system believed to be affected, the company said.
Chances are good that you or someone you know still has a Yahoo email account. Yahoo boasts 1 billion monthly active users and 204 million monthly unique visitors. This recent hack affected 1 billion user accounts, which is a little more than a seventh of the world’s population. This official announcement was just released, but it is likely related to the previous hack in August, where they have seen signs that the stolen data was used in some notable criminal activity.
Find out if you were affected:
To check if your credentials are impacted, log into your Yahoo email account and check for an urgent security letter from the Yahoo team. Yahoo has started to issue these to all compromised users.
What happens if my account is affected?
If you sign in and are alerted that your account is affected (or even if it doesn’t appear to be affected but you’d rather be safe than sorry), your best bet is to change your password, disable security questions, and start thinking about anywhere else that you may have reused that password along with that email address. We strongly discourage reusing passwords, especially for your email account, because you usually use it to unlock other accounts whose passwords have been lost or forgotten. Once you’ve completed that, you may want to consider moving everything off of the Yahoo account and choosing another email provider. There is no guarantee that another provider won’t also be hacked in the future, but hoping that Yahoo has learned from their mistakes might not be the best idea either. Yahoo is notoriously bad at protecting against basic issues like spoofing and phishing.
What if you have changed your password recently?
The Yahoo attack happened three years ago but was disclosed only this week. Even if you changed your passwords recently, it is best to play it safe and change your passwords again, starting with your most sensitive accounts. And if you weren’t doing so already, you’ll have to treat everything you receive online with an abundance of suspicion, in case hackers are trying to trick you out of even more information.
Won’t security questions protect my data?
Sites will often use security questions like “What was the name of the street you grew up on?” or “What is your mother’s maiden name?” to recover a user’s account if the password is forgotten.
Because the internet has made public record searches so accessible and simple, the answers are usually easy to guess. In a recent study, researchers at Google found that with a single guess, an attacker would have a 19.7 percent chance of duplicating a user’s answer to the question, “What is your favorite food?” (It was pizza.)
How do I protect myself in the future?
Increasingly, you cannot. Regularly monitoring your financial records can help minimize the damage if someone gets your information. But only the companies storing your personal data are responsible for securing it.
The best protection you have as a consumer is using password management software (we here at Bennett use LastPass). Using a software program to generate, store and manage unique passwords for each site you visit is a great way to minimize the damage of a hack. Also, if a site offers additional security features, like secondary or two-factor authentication, it is best to enable them. Then, when you enter your password, you will receive a message (usually a text) with a one-time code that you must enter before you can log in. Many major sites like Google offer this.
However, if you are a business owner, don’t leave your security to chance. Bennett can help protect your data. Learn more about our data security services, or contact a member of our team today!