If you had a Yahoo account between January 1, 2012 and December 31, 2016 including a Yahoo email account, a Yahoo Fantasy Sports account, a Tumblr account or a Flickr account you are eligible for two years of free credit monitoring services or a cash payment of as much as $358, but more likely as little as $100 or less.  If you choose the cash payment, you will need to verify that you already subscribe to a credit monitoring service.  The exact amount of the cash payment is dependent upon how many people apply for the  payment and how much money is left over after other payments required by the settlement.  If past settlements are an indication, you can expect to get less than $100 from the Yahoo settlement if you opt for the cash payment.  The Yahoo data breach, may have been the largest data breach on record with more than 3 billion people affected.  Information taken in the data breach included names, email addresses, telephone numbers, birth dates, passwords and security questions and answers.  All of this data puts victims of the data breach in serious danger of identity theft  While no credit card information or Social Security numbers were lost in this data breach, which has been attributed to Russian hackers by the Justice Department, the risk of identity theft from this data breach is significant.

Scammers have contacted people through phishing emails posing as Yahoo and attempted to lure the targeted victims to click on links or download attachments containing malware.  In other instances, the scammers will ask for personal information in an effort to gain information that can be used for purposes of identity theft.  The real Yahoo does not do this.  If you have questions about your Yahoo account, you can contact help.yahoo.com for free assistance.


Here is a link to the Yahoo data breach settlement website where you can get more information about filing a claim.  The deadline to file a claim is July 20, 2020.  https://www.yahoodatabreachsettlement.com/en

As I have suggested many times in the past, you should have a unique password for each of your online accounts so that in the event of a data breach at one online company with which you do business, your accounts at your bank and other online accounts are not in jeopardy. Although Yahoo has indicated that the passwords stolen were hashed, which is a form of encryption, there is still concern that these passwords could still be cracked.  Go to the June 7, 2016 Scam of the day for tips about how to pick strong passwords that are easy to remember.

Whenever possible use dual factor authentication for you accounts so that when you attempt to log in, a one-time code will be sent to your smartphone to insert in order to get access to your account.  For convenience sake you can set up dual factor authentication so that it is only required if you are logging in from a different computer or device than you normally use.  Yahoo provides for dual factor authentication.

Security questions are notoriously insecure.  Information such as your mother’s maiden name, which is the topic of a common security question can be readily obtained by identity thieves.  The simple way to make your security question strong is to use a nonsensical answer for the question, so make something like “firetruck” the answer to the security question as to your mother’s maiden name.

As always, don’t click on links or download attachments in any email or text message you get unless you have absolutely confirmed that it is legitimate.