Yahoo Data Breach – What Should I Do?

The Yahoo data breach grew to epic proportions this week. Yahoo already held the title of largest data breach in US history, and it has now solidified that title with an increase in the number of email accounts hacked. Yahoo’s new parent company, Verizon, announced that the estimated number of breached accounts tripled. The toll now stands at three billion accounts stolen.

During the buyout process, in 2016, Yahoo announced that it had been hacked way back in 2013, three years after that first intrusion (there was another hack in 2014). At that time, the corporate officers estimated the data breach at an impressive one billion accounts. After the announcement, Verizon, of course, negotiated a better sale price and snapped up Yahoo! at a discounted price tag of $4.48 billion, which is $350 million lower than their original deal. Verizon closed the deal in June 2017.

Yahoo is now combined with another Verizon acquisition, AOL, into a company named Oath. AOL was purchased in 2015 with no surprise hacking announcements! In charge now, they have their own data forensic team in control of access, which discovered that the data breach affected quite a bit more email users – about three billion of them! Can they get their money back? Lol, no.

What Should I Do to Protect my Yahoo Account?

The hack is four years old now, but users should still take steps to secure their accounts. You should protect your Yahoo account with three simple steps:

  1. Change your password
  2. Change your security questions
  3. Enable two-factor authentication (aka Yahoo account key)

The first step is to log in to your Yahoo email account. [Figure 1] Changing the password to your Yahoo email and all other online accounts is something you should do on a regular basis, say every month to six months. Also, be careful of social engineering attacks. This data breach involved exposing the security questions and answers to the Yahoo email accounts.


Figure 1

Common online account security questions:

  • Father’s first name
  • Hometown
  • Pet’s name
  • Colleges attended
  • Elementary School
  • Mother’s maiden name

A resourceful hacker can dig into various social media accounts to match up your name and the answers to these questions. It is common for people to list these answers on Facebook profiles and LinkedIn bios. Why does that matter? Social engineering is the process where a hacker takes one small bit of information and uses that to gather more pieces. For example, your name and password security questions (not answers) can be used to identify you on social media profiles. From there, a hacker can use that to get the answers to the security reset questions. They then reset your email password.

Email access can then be used to reset the login information on online bank and credit card accounts.