YAHOO yesterday confirmed online criminals managed to steal personal data from one billion Yahoo users’ Mail accounts in a devastating cyberattack. Here’s how to find out if you were hit by the cyberattack, how to change your password, and how to secure your account.
Yahoo today admitted that another devastating security breach has resulted in the theft of personal information from at least one billion Yahoo accounts.
An investigation is still ongoing into the breach, which Yahoo said occurred back in 2013.
“Yahoo has identified data security issues concerning certain Yahoo user accounts,” the firm confirmed in a statement.
“Yahoo has taken steps to secure user accounts and is working closely with law enforcement. As Yahoo previously disclosed in November, law enforcement provided the company with data files that a third party claimed was Yahoo user data.
“The company analysed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data.
“Based on further analysis of this data by the forensic experts, Yahoo believes an unauthorised third party, in August 2013, stole data associated with more than one billion user accounts.”
Yahoo said the stolen information includes names, email addresses, telephone numbers, dates of birth, and hashed passwords.
Payment card data and bank account information was not compromised, Yahoo added.
The US technology company said it believes this latest cyberattack is “distinct” from another online attack the firm reported in September this year.
That attack involved around 500 million accounts and was said to have been carried out by a “state-sponsored actor” in late 2014.
The company also said it analysis has led it to believe the same state-sponsored hackers were involved in this newly-disclosed attack.
Yahoo recommends users “review all of their online accounts for suspicious activity and to change their passwords and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account.”
“The company further recommends that users avoid clicking links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information,” it added.
Those with a Yahoo email account should be on the lookout for any suspicious-looking messages asking you to input any personal data from your account.
Earlier this year, cybercriminals took advantage of the online attack to try and trick Yahoo mail users into clicking onto phishing websites – mistakenly thinking it was a genuine URL from Yahoo looking to help secure online accounts.
If you’re worried about the hack, it’s worth checking the website haveibeenpwned.
Run by security researcher Troy Hunt – the free database tracks online breaches and allows anyone to check whether their email address has been included in a publicly-available leak.
In this instance, you’ll need to enter your Yahoo email addresses to see whether your account has been affected.
The site will tell you when the breach occurred and exactly what information was impacted.
You can also sign-up for alerts tied to any of your email addresses, so you will be notified as soon as another breach is picked up by the site.
Yahoo is asking any users that have not changed their passwords in the last two years to do so now.
Open your Yahoo Account Info page, then click Account Security > Change Password.
Enter your new chosen password and hit Confirm. A confirmation will then appear, click Continue to finish the process.
Yahoo provides email accounts for a number of partners, including BT, Sky UK, Verizon, AT&T, Frontier, Rogers, Spark, and MTS.
If you use any of these service – change your password using these methods.
Always create a unique password for every one of your online accounts.
For example, take the first letter of each word in your favourite song lyric, phrase or poem – and use those letters, which appear like a random jumble, as your password.
A password manager is another way to generate and securely store unique passwords with letters, symbols and numbers.
Yahoo has published its own security tips on the official company’s Tumblr platform.
It reads: “Change your password and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account.
“Review your accounts for suspicious activity. Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
“Avoid clicking on links or downloading attachments from suspicious emails.”
Yahoo chief information security officer, Bob Lord said: “An increasingly connected world has come with increasingly sophisticated threats.
“Industry, government and users are constantly in the crosshairs of adversaries.
“Through strategic proactive detection initiatives and active response to unauthorised access of accounts, Yahoo will continue to strive to stay ahead of these ever-evolving online threats and to keep our users and our platforms secure.”