Yahoo announced that 1 billion of their accounts were hacked. These accounts are now sold by internet criminals to other bad guys which are going to use this information in a variety of ways. For instance, they will send phishing emails claiming you need to change your Yahoo account, looking just like the real ones.
The latest breach drew widespread criticism from security experts, several advising consumers to close their Yahoo accounts. “Yahoo has fallen down on security in so many ways I have to recommend that if you have an active Yahoo email account, either direct with Yahoo of via a partner like AT&T, get rid of it,” Stu Sjouwerman, chief executive of cyber security firm KnowBe4 Inc, said in a broadly distributed email
Here is what I and Stu Sjouwerman suggest you do right away.
- If you do not use your Yahoo account a lot. Close it down because it’s a risk. If you use it every day:
- Open your browser and go to Yahoo. Do not use a link in any email. Reset your password and make it a strong, complex password or rather a pass-phrase.
- If you were using that same password on multiple websites, you need to stop that right now. Using the same password all over the place is an invitation to get hacked. If you did use your Yahoo passwords on other sites, go to those sites and change the password there too. Also change the security questions and make the answer something non-obvious.
- At home, use a free password manager like LastPass that can generate hard-to-hack passwords, keep and remember them for you.
- Watch out for any phishing emails that relate to Yahoo in any way and ask for information.
- Now would also be a good time to use Yahoo Account Key, a simple authentication tool that eliminates the need to use a password altogether.
This is the largest publicly disclosed hack ever, below is a graph fresh from an article in the Wall Street Journal that puts it in perspective.
If you or your business have questions or concerns regarding fraud, computer law, privacy, or cybersecurity law matters, including assistance with policies, prevention or recovery from a ransomware attack and cybersecurity insurance or insurance claims, contact attorney Jeffrey A. Franklin at Prince Law Offices.