Major data breach alert! This could very well be the largest data breach in history so far.
If you have a Yahoo account or use any of the company's other sites such as Tumblr and Flickr, take a moment to review your accounts and change your password immediately. I also recommend you take other important security steps that I outline below. But first, here's more about the breach.
Yahoo finally confirmed today that at least 500 million Yahoo accounts have been compromised in a 2014 attack, bigger than previously reported. I know what you're thinking, "Wow 2014, that was two years ago!" Yes, it was a few years ago and the hackers have more than your password.
Yahoo is claiming that a "state-sponsored actor" is behind the attack, which means a foreign government could be responsible for the data breach. This hack may also have serious implications on the Verizon-Yahoo merger deal that was announced earlier this year.
I have no idea why we are just now finding out about this massive data breach.
Information stolen may include names, email addresses, telephone numbers, birthdays, hashed passwords and even encrypted or unencrypted security questions and answers.
So now, Yahoo is urging its users to reset their passwords. Great advice, thanks Yahoo.
Here's what you need to do:
1. Change your Yahoo password now
As advised by Yahoo, if you haven't done so, change your Yahoo account password now, especially if you haven't updated it since 2014.
2. Change your Yahoo secret questions and answers
To do this, sign into your Yahoo account, go to the Account Info page and then, Sign-in and Security.
3. Enable Two-step Verification
After changing your Yahoo password and secret questions, we recommend turning on two-step verification for your Yahoo account.
Two-factor verification will send a security code SMS to your smartphone whenever someone tries to log in to your Yahoo account from an unknown device. This code, together with your password, will add extra layers of security to your account.
To turn this on, go to your Yahoo Account Info page >> Account Security >> Click "Two-step verification" to "On" >> Enter your phone number. Click Send SMS and enter the code supplied by sent text message to verify your number.
4. Set up a Yahoo Account Key
Beyond Two-step Verification, you can also setup a Yahoo Account Key. This will eliminate any need for a password to log in to your Yahoo account. With an Account Key, to sign in to a Yahoo service, you'll just need your username and the sign-in notification sent to your mobile phone. Here are the various ways to do this.
5. Check your other accounts
With major data breaches like this, password reuse attacks will inevitably happen. If you are using the same passwords for multiple accounts, it is important that you review and change them now as well. If you don't know by now, it is bad practice to use the same password across different services.
This is also a good time to review your banking accounts and check for signs of identity theft and fraud.
Furthermore, beware of any phishing attempts that may capitalize on the situation. Carefully scrutinize any emails, texts or calls claiming to be from Yahoo, they might be just fraudulent attempts to steal more of your personal information.
While you're at it, please create strong and unique passwords for every online account you have. A single data breach is all it takes to compromise your multiple online identities.
Tip in a Tip:
I wrote about the new way to thwart hackers by using a different sort of password. I detailed the findings in a recent USA Today column. To read and learn more, click here.
More details are emerging about this developing story so make sure you keep checking komando.com for the latest news.