Not wanting to be outdone by Equifax and its data breach affecting 145 million Americans (sarcasm), Yahoo, which was recently bought by Verizon, has just announced that its massive 2013 data breach, which it had previously said “only” affected a billion people, actually affected all 3 billion of its customers.
Included in the stolen information were names, email addresses, telephone numbers, dates of birth, hashed passwords, and security questions and answers, only some of which were encrypted.
While no credit card information or Social Security numbers were lost in this data breach, which has been attributed to Russian hackers by the Justice Department, the risk of identity theft from it is significant.
Scammers are already contacting people through phishing emails posing as Yahoo in an attempt to lure the targeted victims to click on links or download attachments containing malware. In other instances, the scammers will ask for personal information that can be used for purposes of identity theft. The real Yahoo does not do this. If you have questions about your Yahoo account, you can contact help.yahoo.com for free assistance.
As I have suggested many times in the past, you should have a unique password for each of your online accounts so that in the event of a data breach at one online company with which you do business, your accounts at your bank and other online accounts are not in jeopardy. Although Yahoo has indicated that the passwords stolen were hashed, which is a form of encryption, there is concern that these passwords could still be cracked. Go to the June 7, 2016 Scam of the day for tips about how to pick strong passwords that are easy to remember.
Whenever possible, use dual factor authentication for your accounts so that when you attempt to log in, a one-time code will be sent to your smartphone, which you must enter in order to get access to your account. For convenience's sake, you can set up dual factor authentication so that it is only required if you are logging in from a different computer or device than you normally use. Yahoo provides for dual factor authentication.
Security questions are notoriously insecure. Information such as your mother’s maiden name, which is the topic of a common security question, can be readily obtained by identity thieves. The simple way to make your security question strong is to use a nonsensical answer for the question, so make something like “firetruck” the answer to the security question as to your mother’s maiden name.
As always, don’t click on links or download attachments in any email or text message you get unless you have absolutely confirmed that it is legitimate.