Another day, another data breach announcement.
Yahoo revealed Tuesday that the massive security breach back in 2013 impacted every single user in its database — all three billion accounts — which is triple the number the company originally estimated back in December of last year.
After continuing to increase the number of potentially vulnerable users, Yahoo’s latest announcement confirms that anyone who had an account could have had their personal information exposed to criminals, opening them up to potential fraud and identity theft.
Details about the security breach
The hack, which occurred in August 2013, exposed Yahoo users’ account information, including names, email addresses, hashed passwords, phone numbers, birth dates, and in some cases, “encrypted or unencrypted security questions and answers,” the company said.
Yahoo confirmed that passwords were not stolen in clear text and hackers did not obtain bank or credit card information tied to users’ accounts.
How to protect yourself
In the past, Yahoo sent emails to potentially impacted users notifying them about the breach, with information on what to do next.
But you need to be careful — when any type of breach like this occurs, the scammers are out in full force trying to prey on people who are worried that their information may have been stolen.
So if you receive an email from Yahoo, here’s what the company says to look for to make sure it’s legit:
- Emails from Yahoo will not ask you to click on any links.
- They will not contain attachments.
- They will not request your personal information.
Steps to take next
The scary thing about data breaches is that criminals can sit on the information for years before they decide to use any of it. So in order to protect yourself, you need to take the following steps:
- Change your passwords and security questions and answers for any other accounts on which you used the same or similar information used for your Yahoo account.
- Review all of your financial accounts for suspicious activity.
- Be cautious of any unsolicited communications that ask for your personal information or refer you to a web page asking for personal information.
- Never click on links or download attachments from suspicious emails or emails you weren’t expecting.
- Consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether.
On its website, Yahoo released the following information:
Please note that the email from Yahoo about this issue will display the Yahoo icon when viewed through the Yahoo website or Yahoo Mail app. Importantly, the email does not ask you to click on any links or contain attachments and does not request your personal information. If an email you received about this issue prompts you to click on a link, download an attachment, or asks you for information, the email was not sent by Yahoo and may be an attempt to steal your personal information.
For more information, you can visit Yahoo’s FAQ page.
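The three criteria Yahoo gives for its notification email (no links, no attachments, no request for personal information) can be applied mechanically to a saved message. The following is an added example, not code from Yahoo or from this article; the phrase list used to spot a request for personal information and the sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage

URL_RE = re.compile(r"(?i)\b(?:https?://|www\.)\S+|href\s*=")
# Assumption: a phrase heuristic for "requests your personal information".
ASK_RE = re.compile(
    r"(?i)\b(enter|confirm|provide|send|verify|submit|reply with)\b[^.\n]{0,40}"
    r"\b(password|date of birth|security answer|account number|card number)\b")

def check_notice(raw: str) -> list[str]:
    """Return which of the three stated criteria a raw email violates."""
    msg = message_from_string(raw, policy=policy.default)
    reasons = set()
    for part in msg.walk():
        if part.is_multipart():
            continue  # container only; its children are visited by walk()
        if part.is_attachment() or part.get_filename():
            reasons.add("attachment")
            continue
        if part.get_content_maintype() == "text":
            text = part.get_content()  # decoded plain-text or HTML body
            if URL_RE.search(text):
                reasons.add("link")
            if ASK_RE.search(text):
                reasons.add("asks_for_personal_info")
    return sorted(reasons)

def sample(body: str, attach: bool = False) -> str:
    """Build a constructed test message (not a real Yahoo email)."""
    msg = EmailMessage()
    msg["From"] = "Yahoo <notice@mail.example>"
    msg["Subject"] = "Important security information"
    msg.set_content(body)
    if attach:
        msg.add_attachment(b"%PDF-1.4", maintype="application",
                           subtype="pdf", filename="form.pdf")
    return msg.as_string()

CLEAN = sample("We are notifying you about a data security issue.\n"
               "We recommend that you change your password.\n")
SUSPICIOUS = sample("Confirm your password and date of birth at\n"
                    "http://account-check.example/verify\n", attach=True)

if __name__ == "__main__":
    print(check_notice(CLEAN), check_notice(SUSPICIOUS))
```

An empty result only means the message does not break the stated criteria; it does not prove the message is genuine.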
More tips to protect yourself
As a general rule of thumb, if you receive an email you weren’t expecting, do not click on any links inside the email. Even if you are expecting an order confirmation or package to be delivered soon, do not click on any links in an email notification. Go to the company’s website directly to get any delivery or order information.
Here are some more tips to help you protect yourself from online scammers:
- Be wary of unexpected emails containing links or attachments: If you receive an unexpected email claiming to be from your bank or other company that has your personal information, don’t click on any of the links or attachments. It could be a scam. Instead, log in to your account separately to check for any new notices.
- Call the company directly: If you aren’t sure whether an email notice is legit, call the company directly about the information sent via email to find out if it is real and/or if there is any urgent information you should know about.
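- If you do end up on a website that asks for your personal information, make sure it is a secure website, which will have “https” at the beginning (“s” indicating secure). Keep in mind that “https” only means the connection is encrypted; scam sites can use it too, so also confirm that the address belongs to the company.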
- Look out for grammar and spelling errors: Scam emails often contain typos and other errors — which is a big red flag that it probably didn’t come from a legitimate source.
- Never respond to a text message from a number you don’t recognize: This could also make any information stored in your phone vulnerable to hackers. Do some research to find out who and where the text came from.
- Don’t call back unknown numbers: If you get a missed call on your cell phone from a number you don’t recognize, don’t call it back.
- Be cautious of any notification from an “automated message system” that states “Click on this link for details.”
For basic protection, use anti-virus and anti-malware software on all of your devices and make sure to keep it up to date. See our Virus, Spyware and Malware Protection Guide for links to free options.