Yahoo breach — things to do

Dec 15, 2016

Well, Yahoo’s much in the news again. Once again, as noted by the New York Times, “Yahoo Says 1 Billion User Accounts Were Hacked.”

The newly disclosed 2013 attack involved sensitive user information, including names, telephone numbers, dates of birth, encrypted passwords and unencrypted security questions that could be used to reset a password. Yahoo said it is forcing all of the affected users to change their passwords and it is invalidating unencrypted security questions — steps that it declined to take in September.

Changing Yahoo passwords will be just the start for many users. They will also have to comb through other services to make sure passwords used on those sites are not too similar to what they were using on Yahoo. And if they were not doing so already, they will have to treat everything they receive online, such as email, with an abundance of suspicion, in case hackers are trying to trick them out of even more information.

See also:

How Yahoo’s 1 billion account breach stacks up with the biggest hacks ever

What you should do if you were hit by the Yahoo hack

What to do? In summary: Check that you can access your account and email. Log in to your Yahoo account. Make sure there’s nothing strange. Check your account / personal info. Change your password. Choose a strong password. Don’t use the same password as for other accounts.

And if you’re no longer using the account, then delete or deactivate it. Get a free Google account and use Gmail.

Biggest data breach ever — Yahoo + some AT&T accounts

Sep 24, 2016

Big news this week regarding data breaches. Yahoo revealed that account information for at least 500 million users was stolen by state-sponsored hackers two years ago. PC World’s article “Here’s what you should know, and do, about the Yahoo breach” discusses the breach and reviews best security practices.

An email compromise is one of the worst data breaches that a person could experience online, so here’s what you should know … there’s no way to tell if your account was among those whose passwords were hashed with bcrypt or not, so the safest option at this point is to consider your email compromised and to do as much damage control as possible. … Large data breaches are typically followed by email phishing attempts, as cybercriminals try to take advantage of the public interest in such an incident.

Here’s Yahoo’s official September 22 statement on the breach: “An Important Message About Yahoo User Security.” Their statement includes recommended actions.

UPDATE 9-27-2016: A CNET article today reminded me that some of my clients have AT&T high-speed Internet service (sometimes phone service as well) and their email service uses Yahoo.

Many AT&T customers use Yahoo accounts to manage their services and could be at risk. … It’s the outgrowth of a partnership formed 15 years ago between Yahoo and AT&T (then called SBC Communications), bringing AT&T broadband customers to Yahoo’s search engine and media services, including Yahoo Mail. … The hack puts AT&T in an uncomfortable position. The company is still waiting for data from Yahoo on the specific customers who may have been affected, according to a person familiar with their dealings. … For now, AT&T is offering little advice to its customers beyond the standard line: regularly change your passwords.