More than 1 billion Yahoo accounts were compromised in a newly discovered security breach that occurred in 2013, according to a statement released by Yahoo last week. It is the second major hack the company has announced since September.
In the company's statement, Yahoo notes hackers may have stolen names, email addresses, dates of birth, certain passwords, and security questions and answers. Yahoo does not believe payment card data and bank account information were compromised.
Yahoo says accountholders who were affected by the breach are being notified and will be required to change their passwords. United Heritage Credit Union offers the additional recommendations below to safeguard your information:
1. Change Your Passwords
While Yahoo is requiring those affected by the hack to change their passwords, it's a good idea for everyone with a Yahoo account to change his/her password. Also, make sure to update passwords on any accounts linked to your Yahoo account. If you use the same or a similar password for your Yahoo account as any other accounts – like banking or social media – change those passwords as well.
It is best practice to create strong, unique passwords and change those passwords regularly. A strong password is at least 10 characters long and consists of a mix of numbers, symbols, uppercase letters and lowercase letters. If you have trouble creating and remembering passwords, there are secure passwords managers such as Dashlane and LastPass that can do it for you.
2. Set Up Two-Factor Authentication
For additional account security, set up two-factor authentication. Two-factor or multi-factor authentication only grants access to your account after you confirm your identity in more than one manner, effectively preventing someone from accessing your account in the event your password is stolen. Confirming your identity is usually done via email, phone call or text message as you're signing in. Utilize Yahoo Account Key to set up two-factor authentication on your Yahoo account.
3. Delete Old Emails
If your Yahoo email account was compromised, now's a good time to clean out your email inbox and storage. Old notification and password reset emails can give hackers information about other accounts you have and how they might access that account information.
4. Check Your Email Settings
Check your email forwarding settings. If hackers successfully accessed your account, it's possible they set up an email forwarding rule to receive copies of all emails you receive. That means hackers could view all your emails without ever signing in to your account again or triggering any suspicious sign-in notification emails. Ensure this has not been implemented on your account and contact Yahoo immediately if it has.
5. Be Cautious of Probing Emails
After a breach, hackers often try to take advantage of vulnerable accountholders. Remember that legitimate companies will never ask for your sign-in credentials or any other sensitive information via email or phone call, so it's important to remain vigilant to protect yourself.
If you receive an email from an unknown sender, do not open or reply to it. If you have already opened the email, do not click any links, download attachments or provide personal information.