One billion Yahoo accounts hacked: tips to protect yourself

Written by: Paloma Kubiak

More than one billion Yahoo user accounts had data stolen back in 2013 – a breach separate from the historic hack which came to light only in September.

Last night it emerged that Yahoo had identified “data security issues” concerning more than a billion of its user accounts.

Yahoo said that for the potentially affected accounts, names, email addresses, telephone numbers, dates of birth, hashed passwords and in some cases, both encrypted and unencrypted security questions and answers were accessed.

Following an investigation, it confirmed that the stolen data did not include passwords in clear text, payment card details or bank account information. Yahoo added that payment card data and bank account information are not stored in the system the company believes was affected.

How did this happen?

Back in September, Yahoo disclosed that data from at least 500 million user accounts was stolen in 2014. An ongoing investigation was launched and in November Yahoo received data files that a third party claimed were Yahoo user data. It analysed the data and confirmed it was from its user base.

After further analysis, it believed an unauthorised third party stole data in August 2013, which is separate to the hack in 2014.

Forensic experts also investigated the creation of forged cookies that could allow an intruder to access users’ accounts without a password, and Yahoo believed a third party accessed its code to learn how to forge cookies.

Yahoo said it is notifying the affected account holders and believes this is connected to the 2014 hack.

What should Yahoo users do?

It’s best to change your password as soon as possible and Yahoo said it’s invalidated unencrypted security questions and answers so they can’t be used to access an account.

It’s wise to change your security questions and answers on any other accounts which may have the same details.

You should look out for any suspicious activity on your accounts. If you receive any unsolicited emails asking for your personal information, consider discarding them, and don’t click on any links or download attachments from suspicious communications.

Top tips to stay safe

Clayton Locke, chief technology officer at Intelligent Environments, provides the following top tips for consumers to keep their valuable data safe:

  • Make sure you immediately change the automated PIN or password you are provided with when you first set up an account
  • If you ever suffer from fraud, make sure you change your PIN or password on the affected account as well as any other accounts where you use the same or similar details
  • Have a small set of passwords that are used depending upon the level of security required: a complex one for banking, a simpler one for online news.
  • Use a password manager so that you can realistically have multiple passwords for different access (the average person has 40 passwords to keep track of.)
  • Use special characters or numerals in place of numerals: Santaclause becomes $ant@Cl4u5e.