More than 500 million Yahoo users’ accounts may have been breached when data was stolen from the company in late 2014. (However, the alleged hacker told Motherboard last month that the data may go back to 2012.) A recent Yahoo investigation has found that user account information was stolen after a hack, which may include names, emails, phone numbers, birth dates, hashed password, and unencrypted or encrypted security questions and answers, Yahoo has announced. This can be a serious problem for affected users, especially if they use their Yahoo information for other accounts to. You should take action to secure your account right away.
Here’s what you need to know.
Change Your Yahoo Passwords & Security Questions
First, if you’re one of the users who may be affected, change your passwords and your security questions and answers right away. If you had a Yahoo account in 2012 or 2014, then you might be affected. In fact, changing your passwords and security questions might be a safe step to take if you’re using Yahoo at all.
Next, you should monitor your Yahoo account for unusual activity. Are you noticing unusual charges or logins from regions where you have not been? These are signs that your account was likely compromised.
While your’e at it, you should also enable two-step authentication on Yahoo (and your other accounts.) You’ll be sent a text message or phone call before anyone can log into your account. Yahoo has instructions for enabling two-step authentication here.
Change Any Other Account That Used the Same Password or Security Questions
You should also find any other account where you use the same password or the same security questions that you’ve used on Yahoo, and change those too. If you use a service like LastPass to store your passwords, then you can find out easily which other accounts are using the same password. If you’re not using a password service like LastPass or KeePass, then this might be a good time to start. These services can ensure you use a different password with every account you have, so a data breach won’t compromise all your other accounts too.
Change Passwords for Other Yahoo-Owned Accounts
Make sure you change the passwords for your other Yahoo-owned accounts too, in addition to accounts outside of Yahoo. For example, change your Flickr password right away, since it’s owned by Yahoo, and change your Tumblr password. If you log into Yahoo and are asked to change your password, even if you have two-factor authentication, this could be a sign that your account was compromised. Change your information right away.
Check HaveIBeenPwned for Other Data Breaches
If the data dump surfaces, you can check the site HaveIBeenPwned to see if your information was compromised. In fact, it might be a good idea to just use the site now and see if your information has been breached from previous hacks. The breach from the current Yahoo hack isn’t on the HaveIBeenPwned site yet, as of the time of publication, but you can check for vulnerabilities from other hacks on there.