In an incident that shook the entire world to its core, Yahoo announced a data breach that affected the company’s three billion user accounts. Yes, you read that right! In August 2013, hackers compromised three billion Yahoo accounts and stole sensitive account information and personally identifiable information of users.
It took Yahoo three years to discover the breach and another year to successfully complete the investigation. The Yahoo account breach is now considered the largest in the world’s history.
The story doesn’t end here! “Yahoo hacked again” was the breaking news a few months later. The company disclosed that it had been a victim of another massive data breach that took place in 2014.
This breach affected as many as 500 million users. Attackers were able to gain access to and steal personal information, usernames, passwords, phone numbers, dates of birth, and unencrypted security questions and answers. Beyond this information, cyber criminals were also able to gain access to users’ emails. These are two major breaches that Yahoo suffered within a span of one year.
What does it mean to you?
If you are (or were) a user of Yahoo, your account data, the content of your emails, and your personal information are now in the hands of hackers. When Yahoo email accounts were hacked, cyber criminals got access to data that can be leveraged to launch further attacks.
For instance, your personal information such as email ID, name and date of birth can be used to craft personalized emails with malicious URLs and attachments. Since these emails contain information about you, you are more likely to believe that they are genuine and click on the links in the content, open the attachments, or even reply to the emails.
Cyber criminals who now have access to your emails can go through your contact lists and obtain information about your friends and family. In the worst-case scenario, cyber criminals put this information up for sale on dark marketplaces. You would be surprised to know the demand that personally identifiable information (PII) commands on the Dark Web.
Learnings from the Yahoo Hack
Whether or not your email provider has suffered a breach, it is always better to take mitigation steps. Don’t wait for the breach notification email to land in your inbox, and don’t kid yourself that you are unaffected by the breach just because you haven’t received the email. You should always take the following precautionary steps to keep yourself safe.
1. Change your password every few months
I cannot emphasise enough how important it is to change the password not only of a hacked account, such as a hacked Yahoo account, but also of any other account where you might have used a similar password.
2. Change the security questions and answers every few months
If you have used the same kind of security questions and answers elsewhere, change them too.
3. Beware of spam emails
Don’t blindly trust any emails! Thoroughly check if the email is genuine before clicking on any link or opening any attachment.
4. Always install antivirus
Always install effective antivirus software on your laptops and mobile devices to avoid any kind of malware infection.
What’s the point now?
You might point out that the Yahoo email accounts were hacked two years ago, which means cyber criminals have had access to your data for two years. Is there a point in taking precautionary steps now? Yes, there is!
You must change your password and take additional security measures even if you don’t suspect you have been impacted by the Yahoo account breach. Hackers usually convert stolen data into hashes and upload them online. It is better to change your password before someone cracks the data and misuses it.