3 billion Yahoo accounts hacked: 5 things you should do to stay safe


If you had a Yahoo account in 2013, your name and password were stolen.

Yahoo expanded the scope of its massive data breach on Monday. In December, the Internet giant announced a hack that affected over a billion accounts, making it by far the largest data breach in history. Now, the company says that every Yahoo account in existence in 2013—more than 3 billion—was breached. The hackers walked away with password hashes that can be easily cracked.

If you’re a Yahoo user, you should consider your password compromised and take all the necessary steps to secure your account. Follow all of Yahoo’s recommendations, such as changing your password and watching for suspicious account activity, but here are a few more advanced tips to keep in mind.

And if Yahoo’s lack of security has you down, read PCWorld’s guide to replacing five major Yahoo services and deleting your Yahoo account.

Editor’s note: This article was originally published on December 16, 2016 in the wake of initial breach reports, but was updated after Yahoo expanded the breach to 3 billion accounts.

1. Never reuse passwords

There are many secure password management solutions available today that work across different platforms. There’s really no excuse for not having unique, complex passwords for every single account that you own. If you do want memorable passwords for a few critical accounts, use passphrases instead: sentences made up of words, numbers and even punctuation marks.

According to Yahoo, this breach happened in August 2013, at a time when the company hadn’t yet switched to the more secure bcrypt password hashing algorithm. As a result, most passwords that were stolen are in the form of MD5 hashes, which are highly vulnerable to cracking.
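The difference between unsalted MD5 and a salted, deliberately slow hash such as bcrypt can be seen in a short script. This is an added example, not code from the article or from Yahoo; it assumes PBKDF2-HMAC-SHA256 from Python's standard library as a stand-in for bcrypt, and the function names, iteration count and sample password are constructed for illustration.

```python
import hashlib
import hmac
import os
import time
from typing import Optional, Tuple

# Assumption: PBKDF2-HMAC-SHA256 (standard library) stands in for bcrypt, which
# needs a third-party package. Both are salted and deliberately slow.
ITERATIONS = 600_000  # assumed work factor for this example


def legacy_md5(password: str) -> str:
    """Unsalted MD5, the kind of hash the article says was stolen."""
    return hashlib.md5(password.encode()).hexdigest()


def slow_hash(password: str, salt: Optional[bytes] = None) -> Tuple[bytes, bytes]:
    """Salted, iterated hash. Returns (salt, digest) to store per account."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    return salt, digest


def verify(password: str, salt: bytes, expected: bytes) -> bool:
    """Recompute with the stored salt and compare in constant time."""
    return hmac.compare_digest(slow_hash(password, salt)[1], expected)


def seconds_per_hash(fn, rounds: int) -> float:
    start = time.perf_counter()
    for _ in range(rounds):
        fn("correct horse battery staple")
    return (time.perf_counter() - start) / rounds


def cost_ratio() -> float:
    """How many times more work one slow hash takes than one MD5."""
    return seconds_per_hash(slow_hash, 2) / seconds_per_hash(legacy_md5, 20_000)


if __name__ == "__main__":
    pw = "Summer2013!"  # constructed sample password
    # Two accounts sharing a password: the MD5 records are identical, so one
    # recovered password exposes both; the salted records are unrelated.
    print("md5 equal:   ", legacy_md5(pw) == legacy_md5(pw))
    a, b = slow_hash(pw), slow_hash(pw)
    print("salted equal:", a[1] == b[1])
    print("verify ok:   ", verify(pw, *a), "| wrong pw:", verify("guess", *a))
    print(f"one slow hash costs about {cost_ratio():,.0f}x one MD5")
```

The printed ratio is the extra work every single password guess costs against the slow hash, which is why a stolen MD5 database falls so much faster.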

If you made the mistake of using your Yahoo password elsewhere and haven’t changed it yet, you should do so immediately and review the security settings of those accounts too. It’s very likely that hackers have already cracked your password and had three years to abuse it.

2. Two-factor authentication everywhere

Turn on two-factor authentication—this is sometimes called two-step verification—for any account that supports it, including Yahoo. This will prompt the online service to ask for a one-time-use code sent via text message, phone call, email or generated by a smartphone app when you try to access the account from a new device. This code is required in addition to your regular password, but Yahoo also has a feature called Account Key that does away with regular passwords completely and instead requires sign-in approval via phone notifications.
