“In September 2016, Yahoo revealed a hack that compromised 500 million user accounts. In December, the company revealed yet another hack, this time affecting a record 1 billion accounts. On Tuesday, Yahoo updated that number to all 3 billion accounts its services,” Laura Hautala reports for CNET. “And yes, that includes yours.”
“The hack exposed names, email addresses, telephone numbers, dates of birth, encrypted passwords and unencrypted security questions,” Hautala reports. “Log into your Yahoo account. If you haven’t changed your password in a few years, do it — now.”
“Ask yourself, ‘Did I use this password somewhere else?’ It’s a common habit. Use the same password for lots of different accounts. If this breach has anything to teach you, it’s that this is a terrible idea,” Hautala reports. “If you recycled your Yahoo password on a different account, go change your password on that account too. The hackers who have your password could easily try it on a whole bunch of different websites — think bank websites or health insurance websites — to try to access information beyond your Yahoo account. Don’t let them.”
Read more in the full article here.
MacDailyNews Take: Add two-step verification on your Yahoo account for extra security. Info here.
As always, employ strong, unique passwords for every service and use multi-step verification wherever possible.
Mac users can use Apple’s Keychain Access and iCloud Keychain to create and manage them. For those of us who are smartly all-Apple, it works like a dream.
SEE ALSO:
Beleaguered Yahoo faces U.S. SEC probe over data breaches – January 23, 2017
Yahoo discloses ‘largest hack of all time,’ says hackers stole data from over one billion users – December 15, 2016
Yahoo secretly scanned all customer emails for FBI, NSA, sources say – October 4, 2016
Yahoo confirms data breach of at least 500 million user accounts – September 22, 2016
Verizon to acquire beleaguered Yahoo for $4.8 billion – July 25, 2016
What I have not seen in any media regards att.net accounts that were until very recently hosted by Yahoo. AT&T has moved them to Google.
Were they involved?
I have both yahoo and att.net accounts. I have dual factor authentication. I have all but deleted them at this point.
Two-factor identification via your phone is great… until you need to access accounts from a location that does not let you bring your phone in (any secure facility, for example). RSA tokens would fix that, but having to carry around half a dozen or so is unwieldy. So some of us are stuck with passwords and no central manager to handle ultra-complex ones. All-Apple? Nice thought, but doesn’t work in reality.
Most two-factor systems allow you to authorize a trusted device. You still can set it to require a login, but the device itself is trusted.
However if you’d trying to use a desktop that’s in a secure facility that doesn’t allow phones, some systems allow single-use passwords for this purpose. You can print out a single use password, take it in, use it to log in a desktop (or whatever) and then authorize that as a trusted device.
This also works if you lose your phone.
Too friggin’ complex.
Thanks for the reply. I’m aware that SOME two-factor sites let you have a temporary one-time password. Not enough though, and some of them expire within a short enough time that it’s not a viable solution. it also gets cumbersome and requires forethought (or foreknowledge that you’ll need that site when you’re someplace you can print from). I’m still hoping someone comes up with a better way.
I Can’t Believe it!
Kidding!
Yes I can. After Yahoo bought eGroups the place went mental and stayed that way. Reaching Yahoo’s tech support was an exercise in masochism. Yahoo’s suckage reputation is now complete. Dumbasses. 💥✊
David Pogue: Seriously. Jump out of the plane before it crashes.