Yahoo Announces Breach of One Billion Accounts
Hot on the heels of Yahoo announcing a data breach of 500 million users in September, the company has announced that it has suffered another breach of one billion accounts. Yes, you read that correctly - one BILLION accounts.
While Yahoo was analysing the data from the September breach with cybersecurity forensic specialists, it believes that it uncovered a separate breach. It appears that in August of 2013, a “third party” stole information related to over one billion user accounts. Yahoo has stated that this is not related to the data stolen in the previous breach.
Yahoo believes that the information that was stolen consists of full names, email addresses, dates of birth, phone numbers, hashed passwords and possibly security questions and answers as well.
Luckily, Yahoo does not store credit card or any other payment information in the system that was affected.
2016 seems to be the year of the “mega-breach” with Symantec reporting on eight major breaches involving well-known companies. Big data is big money for attackers, so they set their sights on companies that tend to hold large amounts of personally identifiable data on their customers, such as Social Security numbers, birthdates, home addresses and even medical records.
What Yahoo is doing to protect its users
The company is currently identifying and notifying potentially affected users instructing them to change their passwords immediately. In addition to notifying users, they are removing any unencrypted security questions and answers from the affected accounts so cybercriminals cannot use those answers to break into users’ accounts.
How to protect your accounts:
In situations like this, we cannot stress enough the importance of using safe and secure and passwords.
Here are some tips on creating a secure password:
• Use a random combination of at least ten symbols, letters and numbers.
• Don’t use the same password for multiple websites. Ever.
• Don’t use words in your passwords – cybercriminals have programs that can crack those passwords in a heartbeat.
• Don’t use any personal information in your password – not even your birthdate.
• Do not open emails from unknown sources and delete anything that appears questionable.
• Do not rely on security questions to protect your account/password. Most security questions are common across applications, and the answers are often found on public social media sites.
We understand that it can be hard to keep track of dozens of complicated passwords for multiple websites; however, cybercriminals count on password reuse in order to gain access to other accounts. One way to get around the annoyance of having to remember all of those unique passwords is using a secure password manager, such as Norton Identity Safe.
Another great way to protect your account is if the service offers two-step verification. Two-step verification is a method of verifying your identity in addition to your username and password. Two-factor authentication asks you to provide one of the following things:
• Something you know – a pin number, password or pattern.
• Something you have – an ATM or credit card, mobile phone or security token such as a key fob or USB token.
• Something you are – biometric authentication such as a voiceprint or fingerprint.
You can also visit Yahoo’s Safety Center page for more information on how to secure your account. Yahoo also offers a Yahoo Account Key, which is an authentication tool, similar to two-factor authentication as well.