What to do if your Yahoo account was hacked
by Heather Kelly @heatherkelly
The latest Yahoo hack is a doozy you shouldn't ignore.
The company said on Thursday at least 500 million user accounts were affected
by a massive data breach. The hack happened in 2014, when a "state-sponsored
actor" stole account information, including names, emails, passwords, telephone
numbers and answers to some security questions.
So what should you do if you have a Yahoo account?
First and foremost, you'll want to change your password immediately. All Yahoo
account holders should also change their security questions and answers.
If your account is one Yahoo suspects was compromised, you'll be prompted to enter a new password as soon as you log on. If you used the same password on other accounts, change those, too.
Here are other steps to take to secure your online accounts.
Change passwords often
Yahoo is asking anyone who hasn't changed their password since 2014 to update
it. This is good advice for everyone: Passwords should be changed often.
You won't always get a timely notice from a company that an account was
compromised -- and sometimes it might not even know about a hack until much
later. In this case, it took two years for the company to confirm the breach.
Never use the same password twice
Repeat after us: Never use the same password twice. If hackers get the password
for one of your online accounts, they can try to use it to access your other
accounts that take the same credentials.
Pick better passwords
Consider using a phrase instead of single words that are more easily guessed.
Don't go for common phrases like cliches: Pick a combination of words that don't
go together -- i.e. rather than "herecomesthesun," go for something like
"wombatbootsparade".
Avoid using common passwords like 1-2-3-4-5-6 or p-a-s-s-w-o-r-d,
and include a mixture of numbers, letters and characters.
Use a password manager
Since strong unique passwords are a huge pain to memorize, try a password
manager like 1Password or LastPass. These platforms generate and store
passwords and security answers for every account you have, so you only have to
remember a single master password.
Update those security questions
If you forget a password, using security questions is an easy way to gain access
back into your own account -- it's not like you'll ever forget your mom's maiden
name. But some Yahoo security answers and questions were a part of the breach.
The company has already disabled any unencrypted security answers on its
accounts.
If you frequently use the same security questions and answers for other online
accounts, you'll want to change those, as well. Attackers could use the information
taken from Yahoo to obtain access to other online accounts that contain even
more sensitive information.
Avoid choosing the obvious questions and don't provide answers that are easy to
find online through Google searches, social media sites or old LiveJournal entries.
Be alert
The company is urging users to look through their Yahoo accounts (email,
calendar, groups, etc.) for any signs of suspicious activity. Although it doesn't say
what to look for, start by checking outgoing emails.
Be extra careful about clicking on links or opening downloads from unknown email
addresses. If anyone emails asking for your password, it's a red flag -- even if it
looks like it's coming from a legitimate place like Yahoo or a bank. Never share
any account information or passwords over email.
Turn on two-factor authentication
On its own, a password isn't a strong line of defense. Adding a second type of
authentication, like a one-time code sent over text message or generated by an
app, can make your online accounts much more secure.
Yahoo is recommending people turn on its two-factor authentication tool: Yahoo
Account Key. It even eliminates the need to memorize a Yahoo password.
If you use the Yahoo Android or iOS app, log in to your account, go to your profile
and select Account Key. You can also set it up in a web browser. Each time you try
to access your account, Yahoo will send a confirmation to your phone.
While it's certainly an extra step, make it a part of your daily routine. Next time
there's a story about a massive data breach, you'll be glad you did.
CNNMoney (San Francisco) First published September 22, 2016: 5:38 PM ET