How often do you change your internet passwords? If it's been a while, you might want to get right on that — especially if you have a Yahoo account. According to Reuters, Yahoo Inc. disclosed Thursday that an estimated 500 million user accounts were hacked by a "state-sponsored actor" back in 2014, making it potentially one of the biggest cybersecurity breaches on record. That means that it's entirely possible you've spent the last two years blissfully unaware that your personal information has been accessed, and since that thought is incredibly unsettling, here's how to tell if your Yahoo account was hacked.
In a statement released online, Yahoo said Thursday that a variety of account data would have been become available as a result of the breach, including "names, e-mail addresses, telephone numbers, dates of birth, hashed passwords" and security questions/answers. Other sensitive information, like unprotected passwords, payment card data, or bank account information is not thought to have been affected, since that kind of information is not stored in the system that was hacked, but that's only relatively good news. And that's because even basic leaked personal information (even just usernames and passwords) could make other accounts an individual has vulnerable, too. As cybersecurity expert Michael Borohovski explained to CNN,
The problem is not that [people] need to be concerned about their Yahoo account — its all the other accounts they use. I'm not entirely sure that the scale of this is going to be limited to Yahoo.
The most straightforward way to know for sure whether your Yahoo account was affected will be to wait for Yahoo to tell you that it was. According to CNET, Yahoo has started sending out notifications to users whose accounts were breached, so if you don't use your Yahoo account regularly, logging in now might be a good idea (it's worth noting though, that users should beware of any suspicious-looking emails from Yahoo — or anyone else — involving links or requests for personal information, since they could be a scam). General signs that an account has been hacked, according to the Yahoo help page, can include account information that is changed in some way without the user's knowledge, spam emails being sent to others from the user's email account, or unrecognized login locations listed on the user's recent activity page (instructions for how to check that can be found here).
While you're waiting, it will be a good idea take care of some online security housekeeping, which first and foremost means updating your passwords. According to The Wall Street Journal, anyone with a Yahoo account should change their password to a new, not-easily-guessed password, and should also change the security questions and answers that go along with it (although while you're changing your Yahoo password, you might as well set new passwords for all of your commonly-used accounts). CNN also suggests that users never use the same password twice, and that passwords should be unique and made up of words or numbers that don't go together — not to mention avoiding some of the most common password pitfalls, like using strings of consecutive numbers (e.g. 123456), words like "password," or birthdates. And when possible, users should opt for a second authentication step for logins, like entering a code sent by text to the mobile phone listed on your account.
Another way to keep tabs on any potential hacking of your email accounts? Sign up for notifications from data breach website Have I Been Pwned. Started by Australian web security expert Troy Hunt, Have I Been Pwned allows users to enter their email addresses and check them against a database of known data breaches to see if they've been compromised, according to Motherboard. Users can then verify their accounts and have a message sent to them if their information matches that exposed in past security breaches. While it doesn't necessarily protect anyone from having their accounts hacked, it does provide users the opportunity to update their account information in a timely manner after a breach has occurred (which isn't so much the case in the Yahoo breach, seeing as most users are just learning about it now, two years later).
Having personal information hacked online isn't really something anyone wants to think about, but from the sounds of it, it's a pretty common occurrence. Staying on top of your own account security by monitoring usage, keeping passwords regularly updated and challenging, as well as closing any old accounts you no longer use that might be leaving your information vulnerable, are all helpful steps to offer more protection against leaks, and are ways to keep your information as private and safe as possible.