Just when you thought it was safe to go back in the Yahoo water…another attack happens.
You might remember how terrible 2016 was for Yahoo. The tech company admitted to two of the largest data breaches on record. Well, it’s happened yet again.
Last December, we found out that in 2013 over 1 billion Yahoo user accounts were hacked. Now, even more users’ accounts have been compromised.
What is Yahoo’s latest security breach?
On February 15, 2017, Yahoo sent a security notice to some of its customers. This time, hackers used forged cookies to access accounts without needing passwords.
Here is what the security notice stated:
“We are writing to inform you about a data security issue that involves your Yahoo account. We have taken steps to secure your account and are working closely with law enforcement.
“Our outside forensic experts have been investigating the creation of forged cookies that could allow an intruder access to users’ accounts without a password. Based on the ongoing investigation, we believe a forged cookie may have been used in 2015 or 2016 to access your account.
“We have connected some of the cookie forging activity to the same state-sponsored actor believed to be responsible for the data theft we disclosed on September 22, 2016. Those users targeted by the state-sponsored actor were sent an additional notification.
“We invalidated the forged cookies and hardened our systems to secure them against similar attacks. We continuously enhance our safeguards and systems that detect and prevent unauthorized access to user accounts.”
Yahoo is also encouraging users to follow these security recommendations:
- Review all of your accounts for suspicious activity
- Be cautious of any unsolicited communications that ask for your personal information or refer you to a webpage asking for personal information
- Avoid clicking on links or downloading attachments from suspicious emails
As you can see in the notice, Yahoo claims to have contained this threat. However, the company has had too many security issues lately to trust that everything is fine now. We highly recommend closing your Yahoo account and any that are associated with Yahoo!
How to close your Yahoo account
- Go to the “Terminating your Yahoo account” page.
- Read the information under “Before continuing, please consider the following information.”
- Confirm your password – if you forgot your password, you can recover it with the Yahoo Sign-in Helper.
- Click Terminate this Account.
Remember, if you do close your Yahoo account, you will not be able to use services associated with it. So if you decide to keep it, at the very least make sure you have a strong password. Here are three proven formulas for creating hack-proof passwords.
You can also enable two-step verification, set up a Yahoo Account Key, or use a password manager. It’s always better to be safe than sorry!
Other Yahoo-owned accounts that you should close
Yahoo Mail isn’t the only account that can be affected by data breaches. Any service connected to Yahoo can also be impacted.
Here is a list of Yahoo-owned services:
- Flickr – A photo sharing site
- Tumblr – A blogging service
- Yahoo Sports – This is used to play fantasy sports such as football, baseball, basketball and more
- Yahoo Smart TV apps – These apps are usually associated with Vizio and Samsung brand smart TVs
- Yahoo-branded services – For example, Yahoo Messenger, Yahoo Shopping, Yahoo Music, etc.
With yet another reported security breach, you might want to think about closing your accounts associated with Yahoo. Click here to learn how to close these accounts.
At this time we don’t know how many user accounts are impacted in this latest breach. Keep checking in with our Happening Now section and we’ll let you know of any updates.