“We believe an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts.”
I can only imagine the way Yahoo’s chief information security officer, Bob Lord, cringed as he shared that information this week. The announcement came just a couple of months after Yahoo had to tell 500 million users their accounts had been compromised. This latest breach marks the largest data breach ever reported, while the September Yahoo breach takes second place.
Among the stolen data are users’ names, email address, telephone numbers, dates of birth, hashed passwords and security questions and answers.
Yahoo says unprotected passwords, payment-card data and bank account information do not appear to be compromised, as they was stored in a different system. That may be some relief, but thieves don’t need much to wreak havoc on your identity and finances.
Here’s what you should do:
▪ If you use Yahoo for email or other accounts, you have some due diligence to do. You may get an email from Yahoo saying your information was compromised. Even if you don’t, you should consider acting if you’ve ever had a Yahoo account.
▪ Yahoo has asked users to change their passwords right away. In some cases, the company has reset users’ security questions. It’s worth the time to update both security features whether you’re a victim of the breach or not. We can all benefit from creating strong passwords and updating them regularly. Think symbols, numbers and capital and lowercase letters.
▪ If you used any of the same security question answers or password for any other account, whether email, social media, online banking, shopping or something else, change it too. The answers you provided Yahoo may be in the hands of hackers, and if they get into your other accounts, they potentially have access to even more sensitive personal and financial information.
▪ Watch for scammers who want to piggyback on this massive hack. Be suspicious of emails claiming your data has been compromised and you need to “verify” information to secure your account. Remember, it’s easy to impersonate company logos, so even if an email looks official, be wary of clicking on links or downloading attachments.
▪ Check your credit report. Although it seems this data might not have been part of the Yahoo hack, you should be checking your credit regularly to ensure you aren’t a victim of identity theft.
Each credit reporting bureau gives you a free look at your credit report annually. You can do all three today, or better yet, check one today, one in four months, and one four months later to get a look at your report year-round.
Go to annualcreditreport.com from a secured connection, not public WiFi, as you’ll need to enter personal information. Type that address directly into your browser to ensure you’re on the correct site. You will not need to provide credit card information.