
Yahoo has confirmed it has suffered the largest data breach in history, potentially affecting 500 million user accounts. This Yahoo hack beats the huge Myspace hack of a few months ago.

If you have a Yahoo account, have you been affected? The best course of action (given the huge number of user accounts affected) is to assume that you have been – and change your password on your account immediately.

What data has been stolen? According to Yahoo, the data “may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers” – all extremely useful personal information for hackers.

If your Yahoo password has been used on any other accounts, especially Internet banking, change those passwords immediately as well. It is quite possible the attackers have obtained your personal details (including date of birth) and your Yahoo password. Typically, the hacked data is uploaded to the Internet for all to see, and that means people could be targeting your bank with your details right now.

For Internet banking, you should already be using two-factor authentication, i.e. logging in should require a password and at least one other form of authentication (e.g. a security token or a text message sent by your bank). If your bank sends a text message, confirm that your phone number has been unaltered after you have changed your password.

Yahoo offers further advice and a comprehensive FAQ. They suggest watching out for suspicious activity on your bank accounts and elsewhere.

What should you take away from this?

One important tip is to never use your real date of birth on a social media site. There’s no reason to give this information away. Use a fake one.

The second tip is to use different passwords on different websites, so that a breach on one does not affect your other accounts. The best way to do this is to use a password manager such as LastPass, which maintains your passwords so you don’t have to remember them.