Private information from at least 500 million Yahoo accounts was stolen from the network in late 2014, the company announced on Thursday. Yahoo added that it believes that a “state-sponsored actor” was behind the massive data hack. Considering that the stolen data — which includes names, email addresses, telephone numbers, birthday, saved passwords, and some “unencrypted security questions and answers” — contains many details about users’ personal information, it’s crucial to know if you were affected by the Yahoo data breach, because it’s reportedly one of the biggest hacks of all time.
First things first, if you have a Yahoo account and haven’t changed your password since 2014, the company recommends you do so immediately. Even if you changed your password somewhat recently, change it again, along with security questions and answers for any other accounts which you may have used the same or similar information used for your Yahoo account.
"Yahoo encourages users to review their online accounts for suspicious activity and to change their password and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account," Yahoo said in a statement on Thursday. "The company further recommends that users avoid clicking on links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information."
Yahoo said on Thursday that the company is currently notifying potentially affected users. But, even if you don't use the Yahoo account you opened several years ago, you should still take protective steps to make sure your other email, banking, and social media accounts are safe.
This is because, according to USA Today, a Gartner survey found that 50 percent of users use the same passwords across multiple platforms. That means that hackers might be able to gain access to multiple accounts, which is a hacking technique called "credential stuffing."
"The bad guys get lists of user IDs and passwords and the test them, they run through them at all the sites they want to attack to see where they work," Avivah Litan, vice president and analyst at Gartner Research, told USA Today.
Yahoo says it is conducting an active investigation into the matter and said there is no evidence that the hacker still has access to the company's network.
In the meantime, make sure to keep a close eye on your bank accounts, credit card history, as well as your primary email account, even if it's not Yahoo, just in case there is anything that looks even slightly suspicious. Within any of your email accounts, avoid clicking on links or downloading attachments from suspicious emails, even if it claims to be updates from Yahoo about the breach.
While it's possible that your Yahoo account wasn't hacked and you're completely unaffected, with a data breach as big as this it's always better to err on the side of caution and protect your online information. Taking action now will give you peace of mind for any future security scares.