By Robert Risk
Originally in August 2013 hackers stole data associated with more than one billion user accounts. The information was account information such as names, email addresses, phone numbers, birth dates as well as hashed passwords and security questions and answers. Yahoo claimed that payment card data and bank account information was not part of the information stolen as it was not on the compromise system.
On Tuesday (10/3/17), Yahoo announced it was 3 billion accounts, which were all of its user account at the time of the breach. The size most likely does not matter as Yahoo forced users to reset their passwords in 2016.
Yahoo users should
- Again change their passwords and security questions and answers
- Monitor their credit cards and bank accounts
- Even though the company says that this information was not compromised
- If you receive email from Yahoo understand that Yahoo will not ask you to click on any links, they will not contain attachments and they will not request your personal information.
- Be careful of any unsolicited communications and never provide your personal information
- Think about using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether
Again, unfortunately these companies continue to get breached, are slow to go public with the information and never seem to have a breach plan in place until they are breached.
Robert Risk is Director of Technology Advisory Services at Wiss & Company, LLP. If you would like to contact Bob, you may reach him at firstname.lastname@example.org or at 973.994.9400.