Yahoo has disclosed that it suffered a massive data breach in 2013 in which the account details of as many as 1 billion Yahoo users were compromised. This breach is separate from the 2014 breach that Yahoo disclosed in September. That earlier breach, in which the attackers stole the usernames, passwords, telephone numbers and birth dates of as many as 500 million users, was considered the largest breach in history until now. With more details emerging about the 2013 breach, it could possibly be the largest data breach in history. As in the previously disclosed breach, account details including usernames, passwords, telephone numbers, birth dates and even security questions have been stolen by the hackers. The statement released by Yahoo says “The company has connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016” which essentially means that the two data breaches are connected to some extent.
We understand that you might have questions about the breach. In this article, we will try to answer some of the basic ones. For anything else, leave your queries in the comment section at the bottom of the page.
How do I get to know if my details are stolen?
Unlike with the 2014 breach that it disclosed in September, Yahoo has not yet said anything about notifying the affected users. But given that 1 billion of the total 3 billion users on the internet have been affected in this breach, the risk of being affected is very high for Yahoo users. Yahoo might or might not inform its users, but users should assume the worst-case scenario and take immediate steps to secure their details.
Should I change my password?
Yes, if you are a Yahoo user you should change your password right away. You should not wait for a communication from Yahoo. You should also change the password for all of your email accounts, including those that are not on the Yahoo domain. Make sure you create an unrelated, strong password for each email account.
How do I create a strong password?
A few things you should always remember when creating a password:
The longer the password, the harder it is to crack. Make sure your password is at least 12 characters long.
Your password should be a mix of numbers, capitalization, special characters, spellings and punctuation.
You should avoid using simple nouns.
Use character replacements for a stronger password. This means replacing “s” with “$”, “i” with “!”, “for” with “4” and so on.
Avoid reusing your old passwords.
Always change your passwords after 3 months.
You can use either of the following methods for creating strong passwords:
a) Breaking the Sentence Method: This method is quite simple and many people use it, including professional security experts. All you need to do is take a sentence and turn it into a password. Let me explain.
Let’s consider a sentence: Yaay! Messi scored a goal
You can rewrite it as: Y@YMe$C$c0@l
b) The Person-Action-Object (PAO) method: It’s quite simple to create passwords using this method, and not even people close to you can guess them. Select a random person like Michael Phelps, a random object like Mount Everest and a random action like running. Now link the person, the action and the object to create a sentence. In this case we can make one such as “Michael Phelps found running a marathon on Mount Everest”. You can further shorten this passphrase using the “Breaking the Sentence Method” into something like “Miphforumeverest”.
c) Using a Random Password Generator: There are many random password generator websites which can help you create strong random passwords. The catch with these passwords is that they are so random that they are difficult for a person to remember. All you need to do is create strong passwords using these websites and then store them in a password manager app like LastPass, 1Password etc. These apps will store all your strong passwords.
Once you have created a password, you can check its strength with online password checkers like Online Domain Tools. Nowadays almost all web pages show a measure of your password’s strength as you create it. You should always pay heed to that.
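As an added illustration that is not part of the original article, the script below generates a random password locally from the operating system's secure random source and checks any password against the length, character-mix and reuse rules listed above. The function names and the set of special characters are assumptions chosen for this example.

```python
import math
import secrets
import string

MIN_LENGTH = 12  # the article's minimum length
SPECIALS = "!@#$%^&*()-_=+[]{};:,.?"  # assumed symbol set for this example
CLASSES = {
    "lowercase": string.ascii_lowercase,
    "uppercase": string.ascii_uppercase,
    "digit": string.digits,
    "special": SPECIALS,
}
ALPHABET = "".join(CLASSES.values())


def missing_rules(password, old_passwords=()):
    """Return the article's rules that `password` fails (empty list = passes)."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than %d characters" % MIN_LENGTH)
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append("no %s character" % name)
    if password in old_passwords:
        problems.append("reuses an old password")
    return problems


def generate_password(length=16):
    """Draw characters from the OS CSPRNG, retrying until every class appears."""
    if length < MIN_LENGTH:
        raise ValueError("length must be at least %d" % MIN_LENGTH)
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not missing_rules(candidate):
            return candidate


def entropy_bits(length):
    """Upper bound on the entropy of a uniformly random password of this length."""
    return length * math.log2(len(ALPHABET))


if __name__ == "__main__":
    print(generate_password(16), "~%.0f bits" % entropy_bits(16))
    # The article's two sample passwords, checked against its own rules.
    print(missing_rules("Y@YMe$C$c0@l"))
    print(missing_rules("Miphforumeverest"))
```

Run on the article's own samples, the check passes “Y@YMe$C$c0@l” but flags “Miphforumeverest” for lacking a digit and a special character.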
Is my Password enough to secure my account?
No. Although strong passwords provide reliable security cover, they are not enough to make your account 100% secure. To enhance your cyber security, you should use two-factor authentication if your service provider offers it. Almost all financial firms and even email giants like Google and Yahoo provide two-factor authentication, in which you receive a One-Time Password in real time on your phone before you make any changes to your account. Without entering the One-Time Password, you won’t be able to make any changes to your account. Thus, if a hacker gets to know your password, he can’t make any changes unless he has control of your phone as well.
The breach happened in 2013. The hackers had my password for around 3 years. What’s the fun of changing my password now?
You should change your password even if you don’t suspect that hackers have made any changes to your account. The breach has affected as many as 1 billion users. In such cases, the hackers usually convert these details into hashes (a type of encryption) and upload them online for free or sell them on the dark web. Other bad actors can then get the data, and there is a chance they will crack these hashes. It is better to change your password before someone cracks them and misuses your account.