Yahoo confirmed Thursday that data from more than 500 million accounts was stolen after potential nation state hackers breached their network in 2014.
According to a press release, an investigation by Yahoo found that the attackers were able to obtain “certain user account information” that included everything from names to hashed passwords.
“A recent investigation by Yahoo! Inc. (NASDAQ:YHOO) has confirmed that a copy of certain user account information was stolen from the company’s network in late 2014 by what it believes is a state-sponsored actor,” the press release states. “The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.”
“The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected. Based on the ongoing investigation, Yahoo believes that information associated with at least 500 million user accounts was stolen and the investigation has found no evidence that the state-sponsored actor is currently in Yahoo’s network.”
Those with Yahoo accounts should take the following steps to protect their accounts:
Change Your Password
While changing your password may seem like obvious advice, there are several things to consider when doing so.
Firstly, make sure your password is long, complex and most importantly unique. Use letters, numbers and special characters. If your current Yahoo password is one you also use on other websites, you will need to change those too. If a hacker obtains your password, he will likely attempt to use it on other websites in order to access your online bank and social media accounts.
Use A Password Manager
Remembering long and unique passwords can be difficult. Obtaining a password manager – an encrypted database that allows you to create and store complex passwords – is a great way to increase the security of your online accounts.
Enable Two-Step Verification
If you are comfortable giving your cell phone number to Yahoo, enabling two-step-verification is a must for increasing the security of your account. Once enabled, Yahoo will text you a randomized code to enter online. This way, if any hacker does get ahold of your password, he will be unable to access your account without your cell phone.
Although Yahoo says credit card data was not stolen, check your bank statement – if you used your credit card with Yahoo – to make sure no unauthorized charges have been made. Online services from sites such as Privacy.com also offer you the ability to use disposable credit cards online, keeping your real credit card out of breached databases.