How to find out if you’re at risk in Yahoo hack

The Yahoo hack is the biggest publicly disclosed data breach of all time.

Yahoo on Thursday revealed a hack that compromised 500 million user accounts, and yours might be among them. It’s the largest-ever publicly disclosed data breach, and it could affect a lot more than your email account or Yahoo Fantasy Football group.

Here’s how you can tell if hackers swiped your account information.

Log into your Yahoo account

This might sound obvious, but if you’re like a lot of people, you might not use Yahoo Mail as your primary email account. Yahoo has 1 billion monthly active users on its services overall and just 225 million monthly active users for its Yahoo Mail service, according to figures the company gave abchow.com in June.

So check the email affiliated with your Yahoo account if you haven’t already. Yahoo has started sending out notifications to users, and you should be receiving one at that account if you were affected by the data breach.

Change your password

Yahoo is recommending that people who haven’t changed their password since 2014 do so now. The company says the passwords that hackers stole were encrypted — scrambled up with a tool called bcrypt. This kind of encryption can potentially be broken with enough persistence, said Brett McDowell, executive director of the FIDO Alliance, a nonprofit group that vets login systems.

That’s especially true “when the attacker can make relatively accurate guesses at what the password might be,” McDowell said. “Yahoo users with relatively weak or obvious passwords should take the recommended precautions.”

I’m looking at you, “passw0rd.”

Ask yourself, ‘Did I use this password somewhere else?’

It’s a common habit: using the same password for lots of different accounts. If this breach has anything to teach you, it’s that this is a terrible idea.

If you recycled your Yahoo password on a different account, go change your password on that account too. The hackers who have your password could easily try it on a whole bunch of different websites — think bank websites or health insurance websites — to try to access information beyond your Yahoo account.

Don’t let them.

Delete old accounts you don’t use

While you’re thinking about all the accounts you have out there, ask yourself why you even have them. Are you still using that wedding planning website, five years after your nuptials? No, I didn’t think so. Delete that account! Have you fallen out of the habit of posting Harry Potter fanfic on that one goofy website you loved 10 years ago? Delete that account too!

That way, when random websites are compromised, you don’t have to ask yourself whether you’re at risk.
