Yahoo announced Thursday that at least 500 of it’s users are at risk after a major data breach occurred in late 2014. Information stolen in the attack includes names, email addresses, phone numbers, birth dates, encrypted passwords and even security questions and answers in some cases. Yahoo states in the announcement that it no longer believes the attacker is in their network and also state they believe that the breach was “state sponsored”, a targeted attack by another country. Yahoo is currently in the process of notifying affected users of the compromise and will require a password and security question reset on all affected accounts.
If you’re reading this, and have a registered Yahoo account, you should immediately change your account password and security questions/answers. You should also be wary of opening/clicking on links in any emails received at your yahoo address, even if the sender appears to be someone you know. Yahoo also recommends using their Yahoo Account Key mobile authenticator.
Please note that a Yahoo account is a multi-service account. This means that not only are services like Yahoo Mail and Messenger affected but also non-Yahoo branded services like Flickr as well so even if you don’t use your account on Yahoo directly, you still can be affected.
It’s an unfortunate reality that breaches like this are becoming almost commonplace. Yahoo joins a group of companies including the likes of Target and Sony in being subjected to large-scale hacks with millions of users data at stake. It’s very important to remember that, when it comes to online security, the less information you reveal, the less information will be exposed to attackers should a service with which you have an account get exposed. The best rule to live by is: if it isn’t required, leave it blank.