Yahoo Data Breach: What to do now

As you may have heard by now, Yahoo says it suffered a massive data breach that compromised 1bn accounts. The breach dates back to 2013 and is separate from another disclosed in September, in which 500m user accounts were compromised.

Data breaches seem to be happening more and more often, so it is tempting to let ‘yet another data breach’ news fall on deaf ears, but we need to put this one into some perspective …

This breach happened in 2013 and, according to Internet Live Stats, the number of internet users worldwide amounted to just over 2.7 billion in 2013. Yahoo stated that over one billion user accounts were compromised; that’s over a third of the total internet users at the time.

Think about that for a second. Now imagine, as you walk down a street, that every third person you see has potentially had their personal details stolen, and that those details are now accessible to criminals on the internet.



So what can you do about the breach?

We are sorry to say, but the answer is: NOTHING! Sorry, but it’s true, there is nothing you can do about that particular data breach. However, you can try and limit any further damage as a result of your data going missing.

The first piece of advice that tech professionals give you is usually – ‘change your passwords’ – and if you re-use passwords, that’s still very good advice. If you have Yahoo accounts – change those IMMEDIATELY – it’s #1 on our list below.

Here is a list of things you should consider for your continued security:

  1. Change your Yahoo password *and* your security questions immediately, especially if you use them on multiple accounts. As a rule of thumb, do NOT re-use the same security questions and answers for all of your accounts.
  2. Consumers need to be aware of targeted phishing scams, a socially engineered attack that cybercriminals use to lure people into clicking malicious URLs with malware. This is extremely important now that personally identifiable information (PII) is ‘in the wild’ as a result of this breach.
  3. Make all new passwords different and difficult to guess. Cyber criminals are now using tools that sniff out passwords reused on other valuable sites to make their work easier and to make the stolen passwords and other hacked data more lucrative on the dark web.
  4. Include upper and lower case letters, numbers and symbols to make passwords harder to crack – refer to our blog article ‘Top tips for staying safe online’ for simple security tips, and our article ‘Password Strength: It’s not about special characters!’ for tips on creating stronger passwords. Remember that a complex passphrase is less likely to be cracked or brute-forced.
  5. Be careful with your security questions: information such as your mother’s real maiden name is easy to track down in the era of social media. You don’t have to give the actual answer to the question: “what’s your favorite food?” – you only have to give an answer that you will remember. If you use a password manager, you can record the secret questions and fake answers used on a site in the ‘notes’ field!
  6. Consider adopting two-factor authentication wherever possible: instructions for Yahoo users are here.

Although we don’t yet know if Yahoo was breached due to someone internal to their systems having fallen for a phishing attack, we do know that this is an ever-increasing tactic used by the scammers. It’s easy to set up and to copy a legitimate email from a tech company. The chances of falling victim increase with the number of phishing attacks you receive, so be super-vigilant. Don’t fall victim to phishing scammers, as in this example.


