If you're a Yahoo user (or ever have been), you'll want to change your password ASAP — and not just on that Yahoo account. Today, the company confirmed that at least 500 million user accounts were breached in late 2014.
Rumors of the breach began spreading in August, when Yahoo told Vice's Motherboard that it was looking into claims from the cybercriminal Peace. Peace, who previously hacked LinkedIn and MySpace, said that he (or she) was selling Yahoo user data, including passwords, usernames, dates of birth, and emails, online.
During the early stages of its investigation, Yahoo didn't issue a site-wide password reset. Now, however, it's urging users to do so. If your account was hacked, changing your password won't do much to protect information that's already been attained. That being said, here are next-step safety measures you can take.
First, you can enter your email address or username on the website Have I Been Pwned? While it isn't a foolproof way to know if you've been hacked, the site does a good job of keeping track of breaches and letting you know if your personal information has been shared illegally. You can also sign up to be notified of future hacks.
If you used the same password or username for Yahoo as you did for other apps and sites, go to those and change both (whenever possible) in your personal account settings. You may also want to update your security questions and answers: One smart tactic is to choose a question and respond with a fake answer, or an answer to another question. For example, you might choose the question "Mother's maiden name" — something that could be easily Googled about you — but respond with the make and model of your first car. The big caveat here, though, is you need to remember, and be consistent, about doing this.
And if you don't already, use a password manager such as LastPass. For sites such as Facebook or Google, make sure to set-up two-factor identification, which creates an extra wall for anyone trying to break in.
Otherwise, keep a close eye on any activity in your bank account, credit card history, and email to make sure that no unauthorized transactions are taking place. Norton Security recommends changing your email address altogether and notifying friends that your account may have been hacked so that they're on the lookout for spam sent from your address.
Even if it turns out that your Yahoo account wasn't hacked (fingers crossed), these are protective steps that you should always take. A hack might spur you to action now, but safeguarding all of your online information will ensure that you won't have to deal with a scare like this again in the future.
AdvertisementADVERTISEMENT