An absolutely staggering amount of Yahoo accounts have been hacked in what’s being called the single largest email security breach in the history of the Internet.
Yahoo isn’t exactly the world-beater that it used to be – in fact, you’re probably thinking, ‘who the hell still has a Yahoo account?’
Well, you – probably.
There’s a good chance at some point you’ve created a Yahoo account sometime in the past decade – whether it be for email, to play games or to access a bunch of their services like Flickr.
And within that account is information like your name, alternate email addresses, phone numbers, birthdays and answers to all of your security questions.
It’s likely that you also have your bank account and credit deets in there as well.
Which is why it is very, very, very bad news that around one billion Yahoo accounts have been breached. When Techly reported on Yahoo’s breaches earlier this year, we thought that would be the end of it. Turns out, it was one of two massive breaches.
In a statement released today, Yahoo said,
Based on further analysis of this data by the forensic experts, we believe an unauthorised third party, in August 2013, stole data associated with more than one billion user accounts. We have not been able to identify the intrusion associated with this theft. We believe this incident is likely distinct from the incident we disclosed on September 22, 2016.
What data has been stolen?
For accounts that have been affected, Yahoo says the information that has been leaked includes:
“Names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers.”
The California-based telco believes that payment card data and bank info hasn’t been breached.
Did they hack my account?
Yahoo says that they have notified affected account holders, so best to check your Yahoo email to see, and then take the appropriate action they advise.
How did they hack in?
It’s believed that a third-party created forged cookies which allowed hackers to get into accounts without a password.
What can I do to protect my account?
The company recommends a few steps you can take – but given that this is the second mass-scale breach of Yahoo accounts in the past few years – if you don’t need it, you’re probably best deleting your account:
Some important recommendations we’re re-emphasizing today include the following:
Change your passwords and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account;
Review all of your accounts for suspicious activity;
Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information;
Avoid clicking on links or downloading attachments from suspicious emails; and
Consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether.