Yahoo data breach: what you need to do

Yahoo is the latest company to admit it has been hit by hackers. The internet firm has revealed that more than half a billion users have had their personal information stolen by hackers.

What has happened?

Last week Yahoo revealed that hackers stole the names, email addresses, passwords, telephone numbers and more. The attack actually happened two years ago, but the company has only just discovered the extent of the data breach.

Subscribe to The Week

Escape your echo chamber. Get the facts behind the news, plus analysis from multiple perspectives.

SUBSCRIBE & SAVE

Sign up for The Week's Free Newsletters

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

From our morning news briefing to a weekly Good News Newsletter, get the best of The Week delivered directly to your inbox.

Sign up

“The hack was the biggest in corporate history, even if it was not as bad as it could have been (no credit card or bank account details were stolen),” says James Titcomb in The Telegraph.

“Companies get attacked, we know this. The list of cyber victims in the last 12 months alone – TalkTalk, Ashley Madison, LinkedIn, Dropbox – should be enough to show us that security breaches are inevitable. Our attention should be turned to the way in which companies deal with them.”

The shocking thing with the Yahoo data breach is that the company has only just admitted it. Questions remain about exactly when Yahoo! became aware of the hack, but the fact is that customers have been completely unaware that their passwords and personal details have been available to be traded on the black market for the past two years.

Another eyebrow-raising element of the story is Yahoo's determination that it was a "state-sponsored" group behind the attack, with fingers point squarely eastwards towards Russia.

Will I have been affected?

If you have a Yahoo account there is a reasonable chance your details have been stolen. The company is in the process of contacting everyone whose details were stolen. Just watch out for fraudulent emails pretending to be from Yahoo and don’t click on any links within an email.

But, even if you don’t think you are a Yahoo customer you could be affected.

“There are lots of people, millions of people, who don’t understand they have a Yahoo account,” cybersecurity specialist Per Thorsheim told CNN Money. This is because Yahoo provides several other services which were also hacked, including Yahoo Sports, Flickr and Tumblr.

Even if you have a Yahoo account that you haven’t used in years, you could be affected.

“The idea that ‘I don’t use that account any more, I don’t have to worry about it’ – in most cases, unfortunately that’s wrong,” says Thorsheim. “If you have an account that you don’t use, you should delete it.”

What should I do?

Change your passwords. Not just your Yahoo passwords but “if the password for your bank account or any other financial service is the same as your Yahoo password, you should change it immediately,” says Anna Mikhailova in The Times.

You should also check your credit report to make sure your identity hasn’t been stolen as a result of the data breach. Be on the look out for credit applications that you haven’t made.

How to protect yourself from future data breaches

In future try to have different passwords for all your different accounts. That way a data breach at one of your social media companies is less likely to cause problems with your finances.

It can be hard to remember loads of passwords, but one trick is to assign a different band to each of your password categories. So you may have The Beatles for banking, Queen for social media and the Rolling Stones for email.

Then you simply take a line of a Beatles song for each bank account take the first letter of each word and you have your password. For example, Yellow Submarine gives you a password of waliays – mix up the upper and lower case and exchange letters for numbers or symbols and you have a really strong password that is relatively easy to remember.

Yahoo confirms massive 'state-sponsored' hack

23 September

Tech giant Yahoo has confirmed that hackers stole the personal data of more than 500 million of its users in 2014. Yahoo is encouraging users to change their passwords as a result of the breach.

In is one of the largest data breaches in history, hackers took "names, passwords, email addresses, phone numbers and security questions", the company says, adding: "Stolen information did not include unprotected passwords, payment card data, or bank account information."

Three US intelligence officers told Reuters that "because of its resemblance to previous hacks traced to Russian intelligence agencies or hackers acting at their direction", the cyber attack was probably state-sponsored.

Yahoo said: "The ongoing investigation has found no evidence that the state-sponsored actor is currently in Yahoo's network.

News of the breach "may jeopardise the $4.8bn [£3.67bn] sale of [its] core business to Verizon, announced in July", The Guardian says. The sale is set to be completed in the first quarter of 2017.

Verizon said the company was made aware of the breach "within the past two days", but has "limited information and understanding of the impact".

The attack puts added pressure on Yahoo chief executive Marissa Mayer, BBC North America technology reporter Dave Lee writes, who says many will ask "why is Marissa Mayer, a chief executive who has presided over bad deals and now the biggest breach in internet history, still in charge?".