CBS Local — Yahoo’s shocking and embarrassing admission that a 2013 data breach affected over three billion accounts, instead of the one billion they originally reported, has left frightened customers wondering how they can protect themselves.
According to reports, if you had a Yahoo account in 2013, your name, password, and possibly some personal information were stolen in the largest hack in history. Yahoo claims the stolen data did not include credit card or bank account information. The company warned affected customers in December of 2016 to immediately change their passwords and security questions. The new revelation is raising concerns that those steps aren’t enough.
“Most data breaches are because of poor password habits — using the same, weak passwords like ‘admin,’ as shown in the Equifax breach,” said Dashlane’s Emmanuel Schalit, via The Street. “Strong, unique passwords are absolutely necessary to prevent cyber attacks,” the password security firm’s CEO added.
Yahoo users may have left the door wide open for the massive hack in 2013. According to an investigation by former tech reporter Declan McCullagh in 2012, thousands of Yahoo users had the same basic passwords to log into their accounts.
Security experts add that employees regularly have to remember as many as 30 passwords for all their online activities, and many people begin to reuse the same codes.
“This results in employees starting to use the same password for everything from a bank account to social media and even the company’s active directory,” said Joseph Carson, chief security scientist at Thycotic. “This provides them with access to more sensitive information, which typically leads to large data breaches.”
Security analysts say the best thing to do right now is stop reusing passwords on multiple sites. They also suggest using two-step authentication when signing into your accounts. Once you’re logged in, it’s recommended that you delete all emails you don’t need anymore so you leave less information available to be stolen.
Experts also warn that the period after a data breach is when users are most vulnerable to phishing emails that try to steal more information. Beware of messages asking for personal details or directing you to “verify your account” on another website.