In September, Yahoo announced what was at the time thought to be the biggest data theft ever, with 500 million accounts breached. It turns out that was just the tip of the iceberg: we've just learned that another 1 billion Yahoo accounts were compromised in an earlier—likely unrelated—attack in August 2013. While hackers didn't get any financial information, they did acquire logins, encrypted passwords, birth dates, secret questions and answers, and other personal data.
And while we know—or should know—not to reuse passwords across multiple sites, the other data is concerning. Security questions and answers, which typically use basic factual information to verify your identity, are especially concerning because we often do use those details across multiple accounts. (And we're learning that to stay secure, we shouldn't answer those questions truthfully.)
Yahoo is making affected users change their passwords and, in some cases, update their security questions, but you should do more—even if your account wasn't among those hacked. Here are the steps Yahoo users should take immediately:
Change your password.
If you've ever used your Yahoo password as the password to log in to any other sites or services, change those account passwords.
If you used the same answers to secret questions on other sites, you need to change those answers. If you aren't sure what secret questions and answers you've used, it's a good time to go through and update the answers everywhere.
For extra security, turn on two-factor authentication for your Yahoo account.
If you don't have a Yahoo account, there's no reason to be complacent. More breaches will happen, and you can take steps to protect yourself now. This is what we recommend for all Internet users:
Never share passwords between accounts. If you have accounts using the same passwords, change them now, before a security breach at one site means all of your passwords are compromised.
Follow our tips for creating a strong password.
Use a password manager to help make the process of managing multiple passwords simple. Don't write your passwords down and definitely don't keep them on a Post-it note stuck to your monitor.
Use two-factor authentication for sites that support it. This requires you to enter your username, password and an additional code (typically texted to your phone) in order to sign in—and it means that even if hackers get your password, they can't get into your account. Check this list of services that support two-factor authentication to find out if your frequently used sites are on the list.
Lie when answering secret questions. (This is information you can also keep track of using a password manager.)
Delete accounts you don't use anymore. While this may or may not keep you safe from a new hacking attack if any of your data is kept on file, there's no need to keep personal data stored on a service you don't use anymore.
Now, get to changing those passwords, everyone!