Recent news that hackers had infiltrated Yahoo’s database and stolen personal information from more than 500 million users was just the latest reminder that in the digital age, none of the information you choose to put online is ever truly protected. In this case, one of the most frightening aspects of the breach — in addition to the sheer number of people affected by it — is that it actually happened in 2014 but was only discovered recently.
Hackers gained access to Yahoo users’ information, including names, birth dates, email addresses, passwords and, possibly, questions and answers to security queries designed to confirm identities.
Imagine for a moment that such personal information is your home. And that when you signed up for an account, you handed over your keys and alarm code to the company with the explicit promise that it would be safely guarded. Only it turns out that for at least the past two years, your front door (and back door and garage and windows) were left wide open for hackers and nefarious sorts to come and go and peruse as they please.
It’s no surprise, then, that the lawsuits are already starting. In the days following the announcement, two separate class-action suits were filed in U.S. District Court in San Francisco, both charging that Yahoo violated the terms of its user agreement by inadequately protecting its users’ personal information and failed to inform customers that the information was not sufficiently protected.
Sen. Mark Warner (D-Va.) sent a letter to Securities and Exchange Commission chairwoman Mary Jo White urging the agency to investigate Yahoo’s actions during and after the breach. How all this will affect Verizon’s pending deal to purchase Yahoo for $4.8 billion is anyone’s guess. The purchase is near its end stage but won’t be finalized until it gains approval from various agencies and shareholders, a process that probably got a lot tougher after news of the breach.
For the vast majority of the 500 million users, though, lawsuits and mergers are beside the point, at least for now. So, if you have an account with Yahoo, here’s what you should do right away.
- Change your Yahoo password. On this one, you likely won’t have a choice. The next time you go to sign on to your account, you’ll see a disclaimer about the breach and be required to update your password before you can access your account.
- Change passwords for other non-Yahoo accounts. Hackers may be able to glean information about other accounts from snooping around in your Yahoo mail — and many people still use the same username and password for multiple sites, giving the Yahoo hackers easy access to other accounts.
- Don’t reuse passwords, ever. It’s hard to remember a number of different passwords, but using the same password over and over, particularly on financial and other sensitive accounts, makes it much easier for the hackers. Once they have one of your passwords, they could have them all. Diversify your sign-on information. A password manager such as Dashlane, LastPass or Zoho Vault can help you keep track of various login information.
- Enable two-factor verification. It may be a little slower and more cumbersome, but experts recommend two-factor verification whenever possible, and it can make a big difference in keeping your accounts secure.
- Be on the watch for phishers. Stay alert for any suspicious-looking emails as well as messages that ask for personal information, no matter how authentic they may look. When in doubt, double-check with the company to make sure an email is legitimate.