In 2014, Yahoo suffered one of the all-time largest data breaches (500 million user accounts) and we are just now learning about it. Only today has the company confirmed the massive breech. As Yahoo is currently in process of being bought out by Verizon, it makes sense that hiding both the severity of the hack and the information stolen has the potential to lower the failing company’s value even more, possibly at the customer’s expense.
In August of this year, a hacker who goes by the name of “Peace” put millions of Yahoo account usernames, birth dates, names, and recovery email addresses up for sale on the Dark Web for just over a grand. Fortunately, passwords were still hashtag encrypted, thus the bargain-basement price. However, simple passwords can often be calculated in computer programs from the number of characters used. Yahoo suspects that some customer security questions and answers may also have been compromised. On the bright side, Yahoo said the credit card and bank information was not stolen.
So, we do know that Yahoo was aware of this for quite some time and this admission is a bit too little, too late for users. Many logged into their accounts this morning and were prompted to change their account passwords, as if that is going to help several years after the fact while your username has been traded in shady overseas deals at will.
If you use Yahoo Mail or other Yahoo Account, immediately log into your Yahoo and change your password if you weren’t already prompted to do so. Use a strong password with a mixture of letters and numbers. Do not use the same password in Yahoo or any other popular service as you do for your online banking or other sensitive accounts. Change your personal questions for password retrieval, because it is unclear as to whether the hackers got access to your answers. Also try their two-factor authentication which uses your mobile phone as an extra key to keep your account safe.