Credit Infocenter

Yahoo Billion-User Data Breach: What You Need to Know

December 15th, 2016 · No Comments · Consumer Info

by Staff

Yahoo Billion-User Data Breach What You Need to KnowIt’s the largest data breach in history. If you have a Yahoo account, here’s what you need to know.

Were a billion accounts really compromised?

Evidently. As stated in its press release on the breach, Yahoo believes the stolen data is “associated with more than one billion user accounts.”

When did it happen?

Though announced Wednesday, December 14, 2016, it actually happened 3 years ago, in August 2013.

Why are we just now hearing about it?                                                                                                               

It November of this year, Yahoo disclosed that law enforcement officials had given the company data files that an unnamed third-party claimed contained their user data. Yahoo had forensic experts take a look at it and discovered that, yes indeed, it was stolen Yahoo data.

Who did it and how did they get in?

There doesn’t seem to be an answer to either of these questions. Whoever is responsible is only referred to by Yahoo as an “unauthorized their party” and the company says it doesn’t know yet how it happened: “The company has not been able to identify the intrusion associated with this theft.”

What kind of information was stolen?

Stolen information may have included names, dates of birth, email addresses, hashed passwords, phone numbers, and security questions (both encrypted and unencrypted). What’s not believed to be included in the stolen data are any passwords in clear text or financial information (e.g., payment card data or bank account numbers).

Is this connected to the data breach announced in September?

As stated in the press release, “Yahoo believes this incident is likely distinct from the incident the company disclosed on September 22, 2016.” The breach announced in September affected 500 million users.

What steps is Yahoo taking now?

Beyond its investigation, Yahoo is:

  • Notifying users whose accounts have likely been affected
  • Requiring users to change their passwords
  • Invalidating unencrypted security questions and answers
  • Encouraging users to change any of the same or similar passwords used on other accounts
  • Warning users to use caution with emails from unfamiliar sources
  • Encouraging users to use the Yahoo Account Key, an ID verification tool that eliminates the need for a Yahoo password at all

What else can I do to protect myself?

Make all of your passwords unique and as secure as possible. Use this guide to create your own passwords or consider getting yourself a password manager. It’s also helpful to use two-factor identification with sites that offer it, particularly for online banking. Beyond that, learn more ways to protect your identity than you’ve probably ever imagined.