Yahoo data breach – what to do now?
Yahoo has reportedly said that more than one billion user accounts may have been affected by a hacking attack which dates back to 2013.
Yahoo said names, phone numbers, passwords and email addresses were stolen, but not bank and payment data.
Account users are advised to change their passwords and security questions.
Here are the steps you should take:
Change your passwords & security questions
You are strongly advised to change your passwords and security questions for any other accounts where you’ve used the same or similar ones as on your Yahoo account. To provide an extra barrier of security you should enable two-step authentication on your Yahoo account (as well as any other accounts you may have). This method of verification sends a text message or call to the user’s phone with a code which must then be typed in before the account can be opened.
Check your other accounts
Once hackers have access to sensitive information and your ID for one place, they usually try the same combination against numerous other platforms to see which other ones they can gain access to. Log in to check the activity on any other online accounts you have, and change your passwords and security questions there too.
Think twice before you click
Be hesitant if you receive an email claiming to be from Yahoo or somewhere else about the breach which instructs you to download attachments or click on a link, or asks you to provide personal details. Stay away from anything you feel is suspicious.
Yahoo has said they are not sending such emails:
“If an email you receive about these issues prompts you to click on a link, download an attachment, or asks you for information, the email was not sent by Yahoo and may be an attempt to steal your personal information. Avoid clicking on links or downloading attachments from such suspicious emails,” the company said.
Hackers use the opportunity of a large breach to run “phishing” campaigns. They send out emails which look official, making it appear as if Yahoo (or other legitimate services) are asking the user to provide information or click on a link. It’s worth noting that legitimate organisations will never request personal information from the user.
Don’t be tricked by email phishing scams
If you’re ever in doubt, the best thing to do is to contact the company which appears to be sending the message directly and separately. You must not go through the email you’ve been sent. Seek the contact information for that company from elsewhere (not from the email you’ve received).
Lastly, thoroughly review your online accounts for any suspicious activity, including checking your banking purchases. Even if you only spot a small payment which appears unfamiliar, you should flag this with your bank.