You have probably heard by now about the massive hack which hit Yahoo in 2014 but was only announced last week. The cyberattack, which occurred two years ago, exposed the email addresses, telephone numbers, scrambled passwords and other information of half a billion users, although Yahoo has not given a precise timeline explaining when exactly it knew about the 2014 cyberattack.
How do I know if I have been hacked?
Yahoo is said to be taking steps to notify potentially affected users and to prompt users to enter new passwords upon log-in for accounts suspected of being breached. However, due to the sheer number of users affected, there is no guarantee that each and every one of them will be notified, especially if your Yahoo account is old. It is safest to take precautionary steps of your own to protect your account from further compromise.
What you can do to make yourself safer
Even if you do not use Yahoo, here are some safety measures that will come in handy anyway:
1. Change your password
The simplest first step would be to change your Yahoo password and the passwords of any related accounts too. Hackers understand that, as creatures of habit, we tend not to update our passwords as often as we should and that we recycle the same password across various accounts, which presents them with a hacking opportunity.
If you are using the same password for different sites, you are increasing the risk of being hacked. Update all your other passwords too, and be sure to pick a password which is difficult to guess. Include a combination of numbers, letters and characters to build a unique password.
2. Use a password manager
But strong passwords are often a huge pain to memorise!
Here’s where a password manager such as 1Password, Dashlane or LastPass comes in handy. Password managers may seem like a hassle as they require a log-in and special software, but they will help secure your passwords by generating a random password for each account.
No account passwords will be shared and all generated passwords and security answers are stored on the platform, so you are only required to remember one master password.
3. Update your security questions
Security questions may seem like a good way to protect against hackers, when in fact they can give a false sense of security if you are repeatedly using the same security questions and answers across all accounts.
While Yahoo confirmed that some security questions and answers were part of the breach, it is making efforts towards disabling any unencrypted security answers on its accounts to protect your privacy. It is advisable not to use overly obvious security questions (e.g. your mother’s maiden name) whose answers could easily be found via social media or simple Google searches.
4. Practise two-factor authentication
To add an extra layer of protection on top of your password, adopt the practice of two-factor authentication. These days many major sites such as Facebook and Twitter offer this security, although not by default. Two-factor verification requires you to register your mobile number to an account in order to receive a text code each time you log in. That way, someone seeking to hack their way into your account still requires physical access to your phone.
Yahoo is recommending people turn on its two-factor authentication tool: Yahoo Account Key. To turn on Yahoo’s two-step verification, follow this guide.
5. Be alert
The period after a data breach is prime time for fraudsters on the prowl to gather more information about you. Fraudsters, cheats and hoaxers will take this opportunity to send out phishing emails purporting to be from the legitimate company, warning of security issues. Emails which may seem perfectly genuine can be loaded with malicious links, or prompt you to provide a password, username or other personal information.
When in doubt, always consult directly with the company or service in question.
Source: Have I Been Pwned
One of our favourite ways at BolehVPN to keep up with whether our personal accounts have been compromised in a data breach is to check our email addresses on Have I Been Pwned. The website, set up by Australian security expert Troy Hunt, combs through the 1.4 billion email addresses that have appeared in hacks to reveal whether your account is among those compromised in any of the breaches in its database.
In a similar case, this site was especially useful in discovering my Tumblr account had been breached, although the data from the hack had been lying dormant for years.
Currently, leading the Haveibeenpwned.com Top 10 breaches is the Myspace hack (359 million) although the latest Yahoo hack can easily claim the No.1 spot (500 million) by being one of the biggest data breaches in a while.