Friday, September 23, 2016

More than 500 million Yahoo accounts stolen back in 2014 and What you should do?

Yahoo has confirmed that more than 500 million Yahoo accounts were stolen back in 2014 by a state-sponsored actor. Investigation concluded the stolen account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers. This did not include unprotected passwords, payment card data, or bank account information.

What is Yahoo doing to protect my account?

From the Account Security Issue FAQs published by Yahoo:
  1. We are notifying affected users.
  2. We are asking affected users to promptly change their passwords and adopt alternate means of account verification.
  3. We invalidated unencrypted security questions and answers so that they cannot be used to access an account.
  4. We are recommending that all users who haven't changed their passwords since 2014 do so.
  5. We continue to enhance our systems that detect and prevent unauthorized access to user accounts.
  6. Our investigation into this matter continues.
I personally tried to log into all of my three Yahoo accounts and out of these three, one of them could be compromised. If yours is too, you will see the below popup.



Is there anything I can do to protect myself?

From the Account Security Issue FAQs published by Yahoo:
  1. Change your password and security questions and answers for any other accounts on which you use the same or similar credentials as the ones used for your Yahoo Account.
  2. Review your accounts for suspicious activity.
  3. Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
  4. Avoid clicking on links or downloading attachments from suspicious emails.

No comments:

Post a Comment

Do provide your constructive comment. I appreciate that.