Another week, another massive data breach in what’s being described as the largest one yet. Yahoo! announced last week that 500 million accounts had been compromised back in 2014. While the circumstances and impact are still being investigated, the breach currently points to a government-sponsored malicious attacker. The nation-state responsible has yet to be named.
The attacker goes by the name of “Peace” and is likely the same attacker that breached 100M LinkedIn accounts. Information stolen includes not only users’ names and email addresses, but also passwords, security questions, birthdates, and other key personally identifiable information (PII). Whether the motivation of the cybercriminals is to damage Yahoo’s brand reputation, to use the data for nefarious purposes directly, or to sell the information on the black market remains to be seen. Identity theft petri dish, anyone?
Breached or not, if you haven’t yet, it’s worth taking five minutes right now to secure your account and related personal information:
#1. Change Your Password
It’s quick, easy, and important. Update your password across any and all Yahoo accounts, from installed apps to email. It is generally recommended that a strong password uses a phrase, combined with numbers, symbols, and characters of mixed capitalization. If the same password is used across other accounts you have, change those passwords, too. And make sure they all differ – making account-hopping difficult for a hacker.
If you can’t keep track of them all, there are apps for that. 1Password is just one of a great number of apps to securely store and organize all your passwords.
#2. Implement Two-Factor Authentication (2FA)
Two-factor authentication involves the addition of a mobile phone number or email address to which a unique access code is sent upon login, and it is becoming the industry norm for increasing account access security. It may be one more step you have to take when logging into your account, but it ensures that an attacker needs not only your correct password but also access to your mobile phone or email address to receive the unique code and gain access.
Yahoo! has 2FA capabilities, so go ahead and add your mobile phone number right now. Just make sure it’s not the same mobile phone that was associated before the breach; those have been obtained in the hack too.
#3. Monitor Your Accounts
Pay close attention to all accounts – financial, other email, social, and other applications. Monitor them all for any suspicious activity or security alerts.
As sad and desensitizing as it is, at the end of the day we all know the drill. We’ve been through this countless times now with breach after breach. While reviewing your Yahoo! accounts, be proactive and review the security settings of other accounts you have. You just might find new ways to keep your information safe in the not-going-away-anytime-soon digital world.