Are you a Yahoo user? Here's what you should do

SAN FRANCISCO — Yahoo said Thursday an investigation had confirmed that information associated with at least 500 million user accounts was stolen from the company in late 2014.

Yahoo users and others should immediately take steps to protect themselves, and stay vigilant for attempted add-on attacks in the coming days and weeks. You can see if you were affected by the breach here.

Yahoo also owns the photos sharing site Flickr and the blogging platform Tumblr. No Tumblr accounts were affected. However some Flickr accounts might have been, as in some cases user’s Flickr and Yahoo IDs are linked. Yahoo is reaching out to those users.

Yahoo has 1 billion people globally who engage with one of Yahoo's properties each month. About 250 million use Yahoo Mail, while Flicker has 113 million. Several hundred million use Tumblr, while another 81 million use Yahoo Finance and tens of millions use Yahoo Fantasy Sports.

“I've actually changed my password since this breach in 2014, but regardless I'm never happy to hear about something like this,” said Mike Rhode of Arlington, Va., a user of Flickr and Yahoo Groups. “However, as a long term employee of the Federal Government, I've had my data compromised twice, and have largely resigned myself to this type of issue being an ongoing problem in today's world.”

Take action

Yahoo said it was notifying potentially affected users and taking steps to secure their accounts. That included invalidating unencrypted security questions and answers so that they could not be used to access an account. Yahoo will also ask potentially affected users to change their passwords.

Yahoo users who haven't changed their passwords since 2014 especially should immediately change not only their passwords but also their security questions, the company said.

Users should also consider enabling two-step authentication on their Yahoo accounts, to provide an extra and very strong level of security. This form of verification sends a text message or call to the user's phone with a code as a second verification step. The code which must be typed in before the account can be opened.

Instructions on how to enable two-step authentication in Yahoo are on its website.

In addition, users need to think about passwords and security questions from other accounts on which they gave the same or similar information used for their Yahoo account and possibly change them as well.

Once hackers have access to ID and password information for one system, they routinely try the same combination against multiple other platforms to see which ones work, an easily automated process.

Users should avoid clicking on links or downloading attachments from suspicious emails that claim to be updates from Yahoo or others about the breach.

Hackers often use news of big breaches to conduct "phishing" campaigns, sending official-looking emails that make it seem as if Yahoo or other legitimate services are asking them to supply information or click through to a link to repair any damage — something legitimate services will not do.

When in doubt, call or email the company that appears to be sending the message separately, don't go through the email you've been sent.

Yahoo users should be cautious of all unsolicited communications that ask for personal information, the company said.

Finally, all users should review their online accounts for suspicious activity. That includes banks, credit card companies and hotel and airline loyalty programs.

Contributing: Mike Snider


JOIN THE CONVERSATION

To find out more about Facebook commenting please read the
Conversation Guidelines and FAQs

Leave a Comment
More Stories