In an announcement on September 22, 2016, Yahoo disclosed the news that criminals stole account information for more than 500 million users from its systems in late 2014. While the company doesn’t believe financial information was included in that data breach, it does state, “account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.”
Yahoo believes the criminal theft was performed by a state-sponsored actor, meaning that a government entity either orchestrated the breach or supported another entity that raided the company’s systems. The company is currently working in concert with law enforcement to investigate the breach.
If you haven’t changed your Yahoo account password since 2014, log in to your account immediately and do so. Even if you have changed it since then, it’s worthwhile to change it again now as an added security precaution.
To change your password, log in to your Yahoo account, click on your name in the upper right-hand corner of the screen, and click Account info in the drop-down box. When the new page loads in your web browser, click Account security and then Change password in the list of options to the right.
Though the criminals responsible for stealing account information also obtained the answers to account holders’ security questions used to reset account passwords, Yahoo invalidated this information to render it useless for changing passwords. As an added security precaution, you should delete this information from Yahoo’s database.
To delete your security question information, follow the steps above to get to the Account security screen. Once there, click on the security question option and delete your information. If you don’t have an account recovery email address, the system will prompt you for one before you can delete your security questions.
Cybercriminals seek to access and steal online user information each day, and you never know when one will hack the database of a website you use or when you’ll find out about the intrusion after it happens. One of the best ways to limit the usefulness of that information to criminals is to regularly change your password.
Set a schedule to change the password for each of your accounts regularly, and stick to it. Whether it’s every six months, three months, or even monthly, make sure the password uses a collection of numbers, symbols, and uppercase and lowercase letters to make it harder for criminals to guess.
For additional information on Yahoo’s cyber breach incident, go to its FAQ webpage here: https://help.yahoo.com/kb/account/SLN27925.html?impressions=true