Yahoo just announced another instance of hacked accounts, up to a billion. Yes, I said one billion. If you have a Yahoo account, odds are your account has been hacked. Back in September, Yahoo announced 500 million hacked accounts.
– If you maintain an active Yahoo! account, immediately change your password AND your security questions. The compromise of the security questions may be the biggest long-term negative effect of this breach. (Obviously, if you have a closed account, you will not be able to change either the password or the security questions.)
– If you are one of those people who use the same password across multiple accounts then, aside from already knowing you are wrong for doing so, you need to immediately change the passwords and security-related questions / data for those other accounts – even if your Yahoo! account has not been active for years. Obviously some security questions require a fixed answer – such as mother’s maiden name – unless you have been savvy enough to have created faux names. You can pick the name of a street perpendicular to one you lived on, or the last name of your best childhood friend, or the last name of a school you went to, or whatever. Although not perfect, any of those is probably safer nowadays than using the real maiden name of your mom, if any organization still uses that as a mandatory security question.
– Another issue is that any phone numbers or other e-mail addresses you associated with your Yahoo! account are likely also compromised. That gives hackers other avenues through which to try to get at you, even if your Yahoo! account has been closed.
– A smart hacker will try to send out phishing e-mails to other e-mail service providers using the same ID you had for Yahoo!. The e-mail address characters I have for Gmail and Hotmail are the same ones I used for Yahoo!. My Yahoo! account, if it has been compromised – which I assume it has been – has the same e-mail address characters as my current Gmail and Hotmail e-mail addresses. So the risk of very targeted phishing e-mails to these other addresses has increased.
– If you used a mobile phone number in association with your Yahoo! account, and you still use that mobile phone number, then SMS phishing (a.k.a. smishing) is now an enhanced possibility. And if you, unfortunately for you, use an Android device, then you had better be very wary of smishes.
– If you have an active Yahoo! account and hackers control the account, and if you have used that account as your signup account for banking, Amazon, 401K, credit card issuers, Zappos, whatever, then hackers can use that information to reset the password to those accounts to whatever they want it to be. And then go to work on your account.
– In fact, if you have an active Yahoo! account you should get rid of it. But not before you clean it out. If you have used it for business or questionable personal activity, you had better clean out all the folders. They may be compromised or they may not be. The contents may have already been accessed or they may not have. Speed in damage minimization may put you on the positive side of the fence. But if a hacker has accessed your Yahoo! account and you have damaging e-mails inside it, you could now be an extortion target. You will also want to check the account settings to ensure associated e-mail addresses and phone numbers have not been changed. A changed address or number could give a hacker a continuous route into your Yahoo! account.
– If business associates are accustomed to receiving e-mails from you using your Yahoo! account, then they are at risk of being phished. If they are communicating with your Yahoo! account against agency or company policy, and a breach occurs, they can expect to get fired or otherwise ‘jammed up.’
– Even your contacts’ info is of value to a hacker, who can then add all those people to a list of potential phishing or extortion victims. This includes their mobile device phone numbers.
– If you don’t change the password of an active Yahoo! account, then you must assume there is going to be dual access going on. You and a hacker. Modern detection techniques may alleviate this concern, but I would not want to risk a lot on such an assumption. Some e-mail services will tell you when you last logged on. If you haven’t used your Yahoo! account in 6 months, but when you log in you see the last log-in was 2 weeks ago, then you know you have a problem.

* https://blog.knowbe4.com/and-another-billion-more-yahoo-accounts-hacked