On September 22, 2016, Yahoo revealed that it had recently discovered a hack by a “state-sponsored actor” in late 2014 that affected 500 million accounts, making it the largest hack from a single email provider. The stolen data includes users’ names, email addresses, birth dates, telephone numbers, scrambled passwords, and security questions and answers. Yahoo users who recycle their passwords across different sites may be at risk. According to Matt Blaze, a security researcher at the University of Pennsylvania, “Data breaches on the scale of Yahoo are the security equivalent of ecological disasters.”
An investigation by the New York Times shows that Yahoo has been putting off investing in security for years and prioritizing the user interface and experience instead. In addition, Yahoo rejected the basic security measure of automatically resetting user passwords, which is considered standard after a data breach. The decision was made out of fear that users would leave Yahoo for other email services if they were prompted for a required password change.
If you have a Yahoo account, the first step to protect yourself is to change your password immediately. For further protection, you should activate two-factor authentication, one of the most effective ways to add an extra layer of security, which sends a code to your phone every time you attempt to log into your email account. If you find that bothersome, you can set two-factor authentication to remember a specific computer for up to 30 days without asking for a code. Lastly, be cautious about which links you click on in your emails, as it is common for hackers to take this opportunity to send fake emails that warn of security issues and ask you to update your information and details. If an email does not come from a legitimate or recognizable sender, do not click on the link, regardless of how genuine it looks.