Back in September, Yahoo disclosed that 500 million user accounts had been hacked in 2014. It was the biggest data breach of a single company’s computer network to date until yesterday, when Yahoo announced that double - 1 billion accounts - had been hacked in a different attack in 2013.
If you have a Yahoo account, it’s important to take action immediately. Even if you don’t, the time is ripe for a cybersecurity checkup. Read up on what to do to keep your personal info safer online.
What Info Was Compromised?
The data breached put at risk sensitive user information such as names, telephone numbers, dates of birth, encrypted passwords and unencrypted security questions. Thankfully, no payment or bank account information was stolen.
Yahoo’s chief information security officer said the attackers stole Yahoo’s proprietary code and created forged cookies, basically allowing them to impersonate valid users. Cookies track website visitors and are what let you login without using your password if you’ve already logged in before. This allowed the attackers to gain info and perform actions on behalf of their victims.
How Did Yahoo Let This Happen?
Unfortunately, in this day and age companies fall prey to data breaches more and more often, endangering the personal information of consumers.
In light of this huge hack, however, security experts are calling the company’s actions (or inactions) negligent, citing the pattern of its failure to keep its users’ info safe. The 2014 hack was so staggering, it is under investigation by both Yahoo and the FBI, and class action lawsuits have been filed against the company.
450,000 Yahoo accounts were also breached in 2012, the company was hit with a series of spam attacks in 2013, and six years ago, Yahoo was the victim of a massive Chinese attack along with other companies like Google.
According to a former Yahoo executive interviewed by the New York Times, Yahoo repeatedly fell short of implementing security measures that its peers invested heavily in. Reportedly, CEO Marissa Mayer, who took over the failing company in 2012, was wary of anything that may turn away the company’s dwindling user base.
What’s most disturbing for some is the fact that the company only discovered it had been attacked when law enforcement provided it with data files containing Yahoo information. That means hackers had three years to exploit the stolen information, and no one was the wiser.
Verizon announced in September it was reconsidering terms of its $4.8 billion deal to buy Yahoo; this latest hack will most likely force the telecommunications giant to rethink the deal again.
Steps to Protect Your Personal Information Online
According to the New York Times, Yahoo said that unlike in September, it is forcing all affected users to change their passwords and is invalidating unencrypted security questions. However, you should take precautionary measures even if you do not receive an email from Yahoo.
Change your Yahoo password. This one’s a no-brainer. Even if you’ve changed your password in the last three years since the breach, always assume your info is at risk.
Change your password on other sites, too. Especially those that house very sensitive information such as financial, health, or credit card data. Comb through your digital accounts to make sure your passwords are not similar to your Yahoo one. Regardless of which email provider you use, you should not use the same password for multiple sites.
Layer up. The stolen information included unencrypted security questions. In general, security questions such as “mother’s maiden name” are easily searchable online. Consider using another password as the answer to your security question.
Be suspicious, be very suspicious. You may have already received an email from Yahoo warning you of the attack. An official announcement will never ask you to provide more info, open an attachment, or click on a link. Scammers know you’re waiting for an email from Yahoo, and may try to send you an email in order to phish you - that is, trick you into opening a dangerous link or file that will grant them access to your computer. It’s always important to be wary of all unexpected emails.
Freeze your credit report. Although payment information was not compromised in this particular breach, other identifying personal information was revealed to scammers, and they can use it to make purchases on your behalf. Some safety experts recommend putting a freeze on your credit report and using a credit monitoring service so you are alerted if anyone tries to impersonate you.
Double your peace of mind. Any time a site offers two-factor authentication, which means it sends your phone a code through text or call to verify your identity, you should take advantage of it.
Find Out If Your Info Has Been Exposed
The internet and our most sensitive personal information are becoming increasingly entwined, and as hackers get more sophisticated, data breaches will happen more and more frequently. Take control of your information and check to see how many times your personal information has been exposed to hackers. Fill out our free case review to learn more today.