Yahoo confirmed a massive data breach that stole information from at least 500 million user accounts, leaving many to wonder who’s behind the attack and what this means for their security. Yahoo Security Breach was disclosed after years of the real incident. The breach happened in 2014 but yahoo disclosed it to the public in September 2016. Since then yahoo has been alerting the users while giving them tips on protecting and securing their email accounts.
This breach involved hacking into users’ email accounts and stealing information that included user’s names, date of birth, telephone numbers, encrypted passwords and many others. Users were then advised by yahoo to change their passwords and reset their emails. However, Yahoo disabled the security questions because their information was also hacked into and users were advised to remove and delete the answers to these security questions.
Related Article: How to Protect Yourself After the Yahoo Attack by The New York Times
1. Who could be a victim of the yahoo security breach?
Anyone with a yahoo email account could be a victim. Therefore, if you have a yahoo email, whether it is a side email that you do not use very often, you still need to take on the precaution measures that yahoo has advised the users to take.
Mail Notification from Yahoo.
What Information Was Involved?
The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. Not all of these data elements may have been present for your account. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation found to be affected.
What We Are Doing
We are taking action to protect our users:
- We are asking potentially affected users to promptly change their passwords and adopt alternate means of account verification.
- We invalidated unencrypted security questions and answers so they cannot be used to access an account.
- We are recommending that all users who haven’t changed their passwords since 2014 do so.
- We continue to enhance our systems that detect and prevent unauthorized access to user accounts.
- We are working closely with law enforcement on this matter.
Our investigation into this matter continues.
What You Can Do
We encourage you to follow these security recommendations:
- Change your password and security questions for any other accounts on which you used the same or similar information used for your Yahoo account.
- Review your accounts for suspicious activity.
- Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
- Avoid clicking on links or downloading attachments from suspicious emails.
Additionally, please consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password altogether.
For More Information
For more information about this issue and our security resources, please visit the Yahoo Security Issue FAQs page.
Protecting your information is important to us and we work continuously to strengthen our defenses against the threats targeting our industry.
Chief Information Security Officer
Related Article: To check if your account was affected by Yahoo
2. How do I make sure that my email is secure?
Yahoo advised all its users to take some caution and there are very many tips to follow to ensure that your email is secure. Here are some of the tips to make sure that your email account is secure.
Reset your password
Yahoo advised all its users to change their passwords for both their yahoo accounts and all their other accounts. However, it is very important to avoid using the same password for different accounts. It is common for people to use the same password for multiple accounts. This is very dangerous because it gives hackers a direct clue to hack into all your accounts. For example, if your yahoo email account was affected, this means that the information they stole from your account would be the same information they would use to trace your other accounts. This would be very easy for hackers to guess your other passwords. Therefore, if you have the same password for multiple accounts then you should change each password.
Delete sign up emails from other websites
Here I mean welcome messages that websites send to someone’s account after signing up a new account. These can also be verification emails, subscription emails and many others. It is very clear that these messages are a link between an email address and accounts on various websites therefore those sign-up emails can expose the specific account names chosen by the user, if they are different from their email address. Once hackers break into an email account they can easily discover what other online accounts are tied to that address by searching for sign-up emails. It is therefore advised to delete such sign up emails from your inbox.
Disable and delete your answers to the security questions
After the yahoo security breach, yahoo officially disabled the use of security questions. This was because security questions were disclosing a person’s personal information that is usually used in other security questions in other accounts. Hackers stole people’s personal information including security questions. This was a dangerous thing because security questions contain information that could lead them to other important accounts like bank accounts and many others. Therefore, users are advised to delete security question since it is no longer a requirement for yahoo.
Do not send in any information from any email
Yahoo cautioned all its users not to send in their personal information to any email. They informed users that they would be sending messages that do not require any subscription or emails that require filling in of personal information. This was because hackers were sending emails to yahoo users asking them for their personal information.
Use two factor authentication
This is where the online service asks for one time use code that is sent via text message on your phone in addition to the regular password. This is usually done when you try to access your account from a new device. Yahoo offers this two factor authentication and it is very important to use it in order to secure your account. The two factor authentication is a very important security feature that will help you incase hackers steal your password.
Related article: Why Did Yahoo Take So Long to Disclose Security Breach? by live Science
Security of your email account is a very important thing to focus on. Because your email contains personal information. From the yahoo security breach, every user should know how to secure their email accounts even when they feel that they were not affected by this security breach.
However, even if you might not have used a Yahoo account for years, there are security experts who predict that the incident could have far-reaching consequences for users beyond Yahoo’s services. Therefore it is essential for every internet user to ensure proper security of their accounts.