On Thursday Yahoo confirmed over 500 million user accounts and passwords were stolen by hackers. It’s already being called one of the biggest hacks ever. To make matters worse this massive data breach goes beyond usernames and passwords. Here’s what Yahoo users need to know and do right now.
According to the company this data breach took place back in late 2014. Only now it’s being confirmed after an internal investigation. Yahoo didn’t state who was behind the attack, aside from mentioning it was a “state-sponsored actor”.
Hacks of this nature are surfacing more and more than ever before. At the moment Yahoo estimates “at least 500 million” accounts have been compromised, and that number may grow in the coming days or weeks. Either way users should be worried, and we have a few tips below to secure your information now.
While the hacker stole over 500 million accounts, that isn’t the worst part. The problem is the company confirmed names, email addresses, telephone numbers, birthdays, hashed passwords, and some “encrypted or unencrypted security questions and answers” were all stolen too. Yahoo claims no payment or credit card information was lost. More information will be available soon at yahoo.com/security-update.
This means that while some of the 500 million may have changed passwords recently, or even back in 2014, that’s only half the story. Many consumers use the same password for multiple accounts (like Gmail or Bank sites) and the same secret questions over and over. Along with birthday info to confirm identity. Meaning hackers could use this information to fish other accounts until they gain access.
Yahoo Hack: What to do Now
Never use the same password for more than one site, and mix up the usage and answers for secret questions. These are all used to reset passwords, which now are in the hands of hackers.
Change Your Password
First things first, all Yahoo users need to sign in immediately and change their password. While you’re at it change the secret questions if possible, and maybe even remove your user information.
At the same time the password needs to be changed on any and all sites that use the same password. This is a mistake millions of users make. Using the same password that’s easy to remember for all sites. Every site should be different for situations exactly like this.
Use A Password Manager
Remembering a different password for the dozens of websites and services we use on a daily basis can be a challenge. We’d recommend a password manager like LastPass or 1Password. These combine unique passwords for every site, saves them, then generates one unique and secure password for users. One that is a mix of letters, numbers, words and more.
This is something millions of users should consider either way.
Next you’ll want to use two-factor authentication on your Yahoo account, and any account that offers it. This requires an extra step like sending a code to your smartphone or email on every login attempt. Meaning hackers can only get through one stage of the process.
Two-factor authentication is offered by Google, Apple and multiple other services. We’d recommend using it on everything.
Yahoo Account Key
Last but not least the company recommends using their Yahoo Account Key service. It’s similar to two-factor authentication and completely replaces passwords. Yahoo Account Key will let users instantly login by using their smartphone. It simply sends users a notification which they can hit “Yes” to safely sign in.
With no password on your Yahoo account no one can sign in but you, as long as you have your smartphone.
Considering over 500 million accounts are compromised this is the biggest hack to date. Bigger than LinkedIn and the Myspace breach that lost 427 million passwords. At the end of the day this is a huge reminder to use every security measure at your disposal to keep things safe. Use a password manager, be smart online, and always take advantage of two-factor authentication if possible.