Yahoo recently announced that hackers were able to get into their system and steal a lot of personal information. Here’s what you need to know, and what you need to do.
When did the data breach take place?
This is one of the more concerning factors about this problem. Yahoo says that the hack into their servers actually happened back in 2014 – 2 years ago. This means that the 500 million users that were affected by this have gone for two years not even knowing there was a problem. The real question is, when did Yahoo find out about it? If they knew about it in 2014, then they have acted quite irresponsibly in not announcing it. If they just found out about it, how can their security systems and processes be so lax that a breach of this magnitude can go unnoticed for two years?
What information was stolen?
Yahoo has concluded from their investigation that these things may have been stolen:
- User’s names
- User’s email addresses
- User’s dates of birth
- User’s telephone numbers
- User’s passwords
- User’s security questions and answers
Does this only affect Yahoo email users?
Unfortunately, probably not. Yahoo owns several other popular websites, including Flickr and Tumblr. They also own the popular fantasy football site called Rivals. If you currently have, or have ever had, an account at any of those sites, you need to change your password and security questions right away.
What do you need to do?
If you have ever had a Yahoo account, or an account with any of the sites mentioned above, yes you need to do a few things:
1. Change your password
This might seem obvious, but it is something you need to do. And as long as you’re changing your password, make it a strong one (just random letters and numbers that don’t have any meaning) and don’t use any password that you’ve used on any other account.
2. Create new security questions
You might be prompted to do this anyway when you change your password. But if not, it would be a good idea to change those questions that are used to confirm your identity (like your mother’s maiden name, what was your first car, etc.) since the hackers could have those questions (and the answers). They could potentially still use those questions and answers to get into some of your other accounts, but changing them on Yahoo is just another precaution.
3. Change password on other sites where that password was used
This might be the most important step. Think about the original password that you had with Yahoo (before you just changed it). If you have used that password on any other online accounts, you need to go to THOSE accounts and change the password there as well. Think about it. If your Yahoo email was “firstname.lastname@example.org” it’s possible that you used that email as the user name on lots of other accounts, such as Facebook, your bank account, YouTube, medical records, the power company, etc. So the hacker will use software to try logging in to tons of other accounts using that email address and the password they stole from the Yahoo records. This is the danger of using the same password across multiple accounts. I know it’s much easier to just remember one password for everything, but it also makes it a lot easier for the hackers.
4. Don’t use Yahoo
If this were the only data breach Yahoo has had, that would be one thing. But this happens repeatedly to them. They have proven that they are incapable of keeping your data private and secure. I would even go so far to say Yahoo may be almost as incompetent as AOL. I opened a Yahoo account many years ago, before Gmail even existed, and one of the big reasons I switched to Gmail was because Yahoo’s email spam filters were worthless – my inbox was constantly filled with emails that were clearly spam, but Yahoo couldn’t figure out how to filter them out. That was just one of several reasons I switched to Gmail in 2004 and have been very happy with Gmail since then.