Yahoo Mail hacked in 2013 and 2014: what you need to do

Rights, Scams and Politics

Updated on 15 December 2016 | 4 Comments

Yahoo believes more than 1 billion email accounts in a hack dating back to 2013. If you're a Yahoo Mail user, here's what you should do now.

Yahoo has discovered another major cyber attack dating back to August 2013.

The internet giant says more than a billion accounts may have been affected, although many users will have multiple accounts.

It suspects the hack is unrelated to a previous breach in 2014, which involved 500 million accounts.

It's believed the stolen data includes names, email addresses, telephone numbers, dates of birth, hashed (encrypted) passwords and, in some cases, encrypted or unencrypted security questions and answers.

Thankfully, payment card data and bank account information were not stored in the system that was believed to be affected.

The hack was uncovered as part of continuing investigations by authorities and security experts looking into the 2014 breach, according to Yahoo.

Check your credit report for anything suspicious

How did they do it?

Hackers used “forged ‘cookies’”. These are bits of code that stay in the user’s browser cache so that a website doesn’t have to ask them to login every time they visit, according to Yahoo’s chief information security officer, Bob Lord.

He added that it could allow fraudsters to access users’ accounts without needing a password.

What now?

At the moment Yahoo is contacing all users affected by the hack and asking them to change their passwords. It says steps are also being taken to secure accounts. 

Stay safe online

Even if you weren't affected, it couldn't hurt to change your password. The National Cyber Security Centre (NCSC) recommends using three random words to create a strong password.

Email, social media and online banking accounts are the most important accounts to protect so it’s worth using three strong, separate passwords to protect them.

Avoid words related to you that are easy to guess such as your place of birth, your child’s name and your favourite sports team.

And, of course, never share your passwords with anyone or write them down.  

Read more at How to make a strong password.

Check your credit report for anything suspicious

Keep yourself in the know:

Evil scam that could cost you a lot more than money

9 ways Christmas criminals can catch your out

The scammers who already have your personal info

Simple trick that makes Visa card hack "frighteningly easy"

Comments

Be the first to comment

Do you want to comment on this article? You need to be signed in for this feature

Copyright © lovemoney.com All rights reserved.

 

loveMONEY.com Financial Services Limited is authorised and regulated by the Financial Conduct Authority (FCA) with Firm Reference Number (FRN): 479153.

loveMONEY.com is a company registered in England & Wales (Company Number: 7406028) with its registered address at First Floor Ridgeland House, 15 Carfax, Horsham, West Sussex, RH12 1DY, United Kingdom. loveMONEY.com Limited operates under the trading name of loveMONEY.com Financial Services Limited. We operate as a credit broker for consumer credit and do not lend directly. Our company maintains relationships with various affiliates and lenders, which we may promote within our editorial content in emails and on featured partner pages through affiliate links. Please note, that we may receive commission payments from some of the product and service providers featured on our website. In line with Consumer Duty regulations, we assess our partners to ensure they offer fair value, are transparent, and cater to the needs of all customers, including vulnerable groups. We continuously review our practices to ensure compliance with these standards. While we make every effort to ensure the accuracy and currency of our editorial content, users should independently verify information with their chosen product or service provider. This can be done by reviewing the product landing page information and the terms and conditions associated with the product. If you are uncertain whether a product is suitable, we strongly recommend seeking advice from a regulated independent financial advisor before applying for the products.