By now, you probably have heard about the largest hack ever on Yahoo’s accounts, about 500M Yahoo accounts (about half) have been hacked by a ‘service backdoor’ hack over the past 2 years, and said to be ‘state-sponsored’ ! Information including passwords and security questions is said to have leaked and may be exploited to hack into your Yahoo AND other online accounts. If you hold a Yahoo account or had used one before, you should do these 3 things right now…
1. Change your password. Even though Yahoo says it will notify potentially affected users, change your password anyway to make sure. Do it now. Yahoo is phasing out security questions and encouraging users to sign up for their Account Key service, which can authenticate your account through your smartphone. That’s not a bad option. (If, for some reason your Yahoo account still asks you security questions, change them immediately.)
I know it’s super difficult especially for the seniors, don’t use the same password on multiple sites. That only makes it easier for hackers to hop from one of your accounts to another. Read my other post here for some passwords hints.
If you want more peace of mind, change the security questions for any of your other accounts that may have them. For example, if one of your Yahoo security questions was “What’s your favorite sports team,” and your online bank account asks the same security question, you might want to change it in case your Yahoo answer was stolen and now some hacker in Russia now knows you’re an Eagles fan.
2. Set up two-factor authentication. Passwords are inherently flawed, but two-factor authentication is the best way to secure them. When you’re updating your account, Yahoo will (soon if not yet) ask you if you want to do this. Do it. Essentially, it will send a text message to your smartphone with a unique login code each time you log into your account. Yes, it can be a pain. But it will also make it much less likely that someone else will be able to access your account.
3. Keep an eye on your account. While it’s hard to say what to look for, look for things that don’t look right. Are there emails in your “sent” box that you didn’t send? Are you getting shady-looking emails that ask you to click on links? Or official-looking emails asking for your password, or other personal information? Don’t fall for it. Remember, constant vigilance is the price of free email.
And if you’re one of those people snickering, “Who still uses Yahoo email?” go check yourself. If you once had a Yahoo account but you don’t use it anymore, log back on, delete what’s in there, and officially close it. Ten-year-old data can bite you in the butt just as easily as current information.