What you need to do
Even if you don't have a Yahoo account that you know of, you may still be affected by the hack if you use any of these Yahoo-owned services:
- Tumblr, a blogging service
- Flickr, a photo sharing site
- Play Fantasy Football via Yahoo Sports
- Use your Yahoo account to access Yahoo-branded services like Yahoo Messenger, Yahoo Shopping, Yahoo Music, etc.
- Your smart TV uses Yahoo Smart TV services (usually associated with the Vizio brand)
If you have any of these accounts, please review your credentials as soon as possible and secure your account by changing your passwords. Click here to find out how to change your credentials on these other accounts.
To secure your Yahoo account, here's what you need to do:
1. Change your Yahoo password now
As advised by Yahoo, if you haven't done so, change your Yahoo account password now, especially if you haven't updated it since 2014.
2. Change your Yahoo secret questions and answers
To do this, sign into your Yahoo account, go to the Account Info page and then, Sign-in and Security.
3. Enable Two-step Verification
After changing your Yahoo password and secret questions, we recommend turning on two-step verification for your Yahoo account.
Two-factor verification will send a security code SMS to your smartphone whenever someone tries to log in to your Yahoo account from an unknown device. This code, together with your password, will add extra layers of security to your account.
To turn this on, go to your Yahoo Account Info page >> Account Security >> Click "Two-step verification" to "On" >> Enter your phone number. Click Send SMS and enter the code supplied by text message to verify your number.
4. Set up a Yahoo Account Key
Beyond Two-step Verification, you can also setup a Yahoo Account Key. This will eliminate any need for a password to log in to your Yahoo account. With an Account Key, to sign in to a Yahoo service, you'll just need your username and the sign-in notification sent to your mobile phone. Here are the various ways to do this.
5. Use a password manager
You can also use a third-party password manager to automatically create unique and complex passwords for you across multiple sites.
We suggest an offline, free password manager, such as Keepass to keep all of your passwords safely secured.