Back in September, Yahoo revealed that it was hacked in late 2014 by a “state-sponsored actor” who stole information from at least 500 million Yahoo users. Yesterday, Yahoo had more news to share, though this time it’s worse and from a different hack altogether. According to a blog post on Yahoo’s Tumblr, the company believes that in August 2013, an “unauthorized third party” stole “more than one billion user accounts.” Good lord.
Yahoo has not yet figured out the identity of this third party, but they do at least believe that it was different from the previous hack. I don’t know if that’s supposed to make us feel better or not?
What is Yahoo doing now? Well, if you are an affected user, you probably were already notified that you need to change your password. Also, Yahoo has invalidated unencrypted security questions and answers, so those can’t be used to access your accounts. This, of course, is all happening about 3 years too late.
What can you, the Yahoo user, do? Here is Yahoo’s recommended list of items:
- Change your passwords and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account;
- Review all of your accounts for suspicious activity;
- Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information;
- Avoid clicking on links or downloading attachments from suspicious emails; and
- Consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether.
If you want to know even more, you’ll find a bunch of info right here.
And finally, are you sure you still want to keep that Yahoo account of yours active? We’re talking about two separate hacks that affected more than a billion people and yet we are just finding out about them 2-3 years later. Yikes.