A few months ago (Sept 2016), Yahoo announced the disturbing news that the user details for millions of Yahoo accounts were stolen in 2013.
The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected.
On 12/14/2016, Yahoo announced it happened again in an incident distinct from the first one.
For potentially affected accounts, the stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers. The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system the company believes was affected.
Even if you no longer use your Yahoo account, the data breach can still harm you.
Think about it. Did you have the bad habit of using the same password with different accounts (i.e., email, social media, bank accounts, etc.)? We all did at one point. But now we know better and understand the importance of creating unique passwords per account. If an old password can be uncovered, it can be used to attempt access of another of your accounts.
Spend a few minutes on prevention to avoid hours/days of trying to recover.
As a precaution, do the following:
- CHANGE YOUR YAHOO PASSWORD.
- Change the passwords for any other accounts (i.e., email, social media, bank accounts, etc.) that may have also used the same password.
- Change your answers to security questions.
If you are using the same answers that you did on Yahoo, that info was also exposed.
- Enable Two-Step Authentication if available.
It requires that an additional temporarily generated code be entered along with the normal user and password credentials.
Take the time now to update all your most important account passwords. Here are tips for creating a unique, strong password and manage them.