Yahoo has fallen victim to the world’s biggest data breach and as a consequence, so has much of the world. The company says that 500 million accounts were exposed in a huge hack that it has said was carried out by a state-sponsored attacker.
It is not only the largest hack by the number of accounts lost, but might be one of the most significant of recent years. It threatens to derail the company just as it is being bought by Verizon – a 4.83 billion dollar deal that was thought by some to be its saviour.
If you’ve had a Yahoo email address since 2014, or if you have an old one you haven’t used in a while or even if you are living Yahoo-free, you could still be affected by this recent breach. Local tech blogger Kevin Andrews is here this morning to discuss the consequences of this email hack and to shed some light on its ramifications.
According to my research, Yahoo has one billion active monthly users on its services, and 225 million monthly active users for Yahoo Mail. So there’s a chance that even if you don’t use Yahoo as your primary email, you could have an account lying dormant somewhere.So whether Yahoo is your main email, a backup or something you signed up for to get access to another Yahoo service, check your Yahoo Mail account right now, because that’s how the company is notifying users they’ve been targeted.
What’s more, your email doesn’t have to end in @yahoo.com to have been a target. Here in Canada, for example, people with email service through Rogers Communications could possibility be affected, as Rogers emails are powered by Yahoo. Neither Yahoo nor Rogers would give a breakdown of how many Rogers costumers were hit by the hack, but Rogers says no account or credit card numbers were compromised.
So the trends of the past few years show us that the bad guys are certainly able to penetrate sophisticated, well-equipped enterprises, and so just because you have a large, Fortune 500 logo does not mean that you are somehow immune from these types of breaches and so even if you’re living Yahoo-free, you’re still at risk from similar attacks against online-based accounts.
What can people do to ensure they keep their online accounts as safe as possible? Yahoo also is recommending that all users change their passwords if they haven’t done so since 2014.If you use your Yahoo password on other sites, change those too — and make them different from your new Yahoo password. While you’re at it, change up your security questions. Yahoo says the questions and the answers were compromised in the breach. If you tend to use the same security questions across multiple sites, change them everywhere.
With that in mind, many security experts are saying that using security questions as an addition form of protection can be problematic because the internet has made public record lots of personal information and many security answers are usually easy to guess. So something to keep in mind. Are changing passwords enough? Passwords are not enough. If a site offers additional security features, like secondary or two-factor authentication, enable them. Then, when you enter your password, you will receive a message (usually a text) with a one-time code that you must enter before you can log in.
Many bank sites and major sites like Google and Apple offer two-factor authentication. In some cases, the second authentication is required only if you are logging in from a new computer. How can people create stronger passwords without forgetting them? Try a password manager like 1Password (1password.com) or LastPass (lastpass.com) Both services, especially LastPass will offer a free web browser plugin to help you create a unique password for each website you visit and store them in a database protected by a master password that you create. Password managers like both of these help reduce the risk of reused passwords or those that are easy to decode.
If you must create your own passwords, try creating long, complex passwords consisting of nonsensical phrases or one-sentence summaries of strange life events and add numbers and special characters to it