Just because Yahoo became part of Verizon, it doesn’t mean it’s sitting quietly out of the news. This week, the company announced publicly that after additional investigation into the data breach from 2013 (which they announced in December of 2016), all three billion of its users were affected by that incident. It isn’t limited to email users either. Anyone using any Yahoo service was affected in this, including those using the photo sharing service Flickr and fantasy sports players.
The bottom line is that if you didn’t listen to the last warning (that was thought to have affected one billion).
1. Change your password for your Yahoo accounts. That means all of them.
Use a unique password for each online account. If you don’t, if they got one of them, they got them all.
Make sure passwords are not easy to guess, such as any word you can find in any dictionary.
Use at least eight characters. Include numbers, special characters, and upper and lower case letters. Vary where you put the numbers and special characters. Don’t always put them in the same spot in your passwords.
2. Also, be on the lookout for additional phishing targeted at you.
Don’t click links or attachments that arrive in email messages or any text messages, particularly if you are not expecting to receive them. Review all email messages for indicators that they are phishing. Watch for typos, incorrect grammar, and poor punctuation.
Be suspicious of requests for personal or confidential email. If you are asked to click something to update your account information, don’t. Go directly to the organization’s website using a previously bookmarked link or by manually, yet carefully typing the address into your browser.
3. Review your Yahoo accounts for suspicious activity. Check your “sent mail” box and see if your account was used to spam anyone, including those in your contact list. If so, use a different account (if possible) to alert your contacts that they may be receiving malicious email messages from you.
4. Change your security questions and answers for your accounts. Try to choose questions with answers that cannot be easy to find out on your social media profiles.
5. Enable two-step (or two-factor) or multi-step authentication for your accounts. If you haven’t, do this after you’ve changed your password. You can do this in your account settings.
This additional information was discovered as Yahoo was being merged with AOL, another Verizon company. It also stressed that it took action to protect accounts back in December. However, your security is up to you. So, regardless of that claim, follow the above and you will be better off all around.
© Copyright 2017
Stickley on Security
October 4, 2017