Hot on the heels of Yahoo announcing a data breach of 500 million user accounts in September, the company has announced that they have suffered another breach of one billion accounts. Yes, you read that correctly- one BILLION accounts.
As Yahoo previously disclosed in November, law enforcement provided the company with data files that a third party claimed was Yahoo user data. The company analyzed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data. Based on further analysis of this data by the forensic experts, Yahoo believes an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts. The company has not been able to identify the intrusion associated with this theft. Yahoo believes this incident is likely distinct from the incident the company disclosed on September 22, 2016.
Yahoo believes that the information that was stolen consists of full names, email addresses, dates of birth, phone numbers, hashed passwords, and possibly security questions and answers as well.
Luckily, Yahoo does not store credit card or any other payment information in the system that was affected.
2016 seems to be the year of the “mega-breach” with us reporting on eight major breaches involving well-known companies. Big data is big money for attackers, so they set their sights on companies that tend to hold large amounts of personally identifiable data on their customers, such as Social Security numbers, birthdates, home addresses and even medical records. It’s easy for a cybercrime victim to report credit card fraud and just get a new card number. When it comes to a Social Security number, though, you are bound to it for life. And Social Security numbers open the door to all sorts of identity theft. Norton Protects You Against Data Breaches
Norton makes it easy to have proactive protection against data breaches like these in place with Norton Identity Protection Elite . Norton helps monitor everything online about you--from financial accounts to social media and your credit report. Norton Identity Protection can even provide restoration services if you become a victim of identity theft. What Yahoo is Doing to Protect Their Users
The company is currently identifying and notifying potentially affected users instructing them to change their passwords immediately. In addition to notifying users, they are removing any unencrypted security questions and answers from the affected accounts so cybercriminals cannot use those answers to break into users accounts. How To Protect Your Accounts:
In situations like this, we cannot stress enough the importance of using safe and secure and passwords .
Here are some tips on creating a secure password:
- Use a random combination of at least ten symbols, letters, and numbers.
- Don’t use the same password for multiple websites. Ever.
- Don’t use words in your passwords- cybercriminals have programs that can crack those passwords in a heartbeat.
- Don’t use any personal information in your password- not even your birthdate.
- Do not open emails from unknown sources and delete anything that appears questionable.
- Do not rely on security questions to protect your account/password. Most security questions are common across applications, and the answers are often found on public social media sites.
We understand that it can be hard to keep track of dozens of complicated passwords for multiple websites; however, cybercriminals count on password reuse in order to gain access to other accounts. One way to get around the annoyance of having to remember all of those unique passwords is using a secure password manager, such as Norton Identity Safe .
Another great way to protect your account is if the service offers two-step verification. Two-step verification is a method of verifying your identity in addition to your username and password. Two-factor authentication asks you to provide one of the following things:
- Something you know – a pin number, password or pattern.
- Something you have – an ATM or credit card, mobile phone or security token such as a key fob or USB token.
- Something you are – Biometric authentication such as a voiceprint or fingerprint.
You can also visit Yahoo’s Safety Center page (link is external) for more information on how to secure your account. Yahoo also offers a Yahoo Account Key (link is external) , which is an authentication tool, similar to two-factor authentication as well.