Yahoo Hacked – 1 Billion Accounts Affected

Well it seems that Yahoo have been targeted again. Or they have simply screwed up ... Again!

Yahoo has released a statement saying that a breach occurred in August 2013 in which more than 1 billion (yes, BILLION) user accounts were compromised. You may remember that Yahoo made a similar admission in September, when they said that 500 million user accounts had data stolen. That's 1.5 billion users affected!

This news is quite early, so the details are yet to be fully discovered. But Yahoo's Chief Information Security Officer Bob Lord says that they have not yet been able to work out how the data was stolen. Does this mean that potentially more user accounts are at risk?

"The stolen user account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers."

Bob Lord - Yahoo CISO

It seems that Yahoo did not find the breach themselves. Instead, they were alerted to the attack by law enforcement.

Also, the breach does not appear to include payment details or plain text passwords, but it should still be concerning for anyone with a Yahoo account.

What Can I Do?

If you have an active Yahoo account, I suggest you log into your account and change your password. And change it to something complex. Don't just use your kids' names or "password123". Make it hard to guess. Here are some clever ideas to make your passwords harder to guess.

  1. Never use "password" - just don't!
  2. If you have to use simple words, join them together - children's names are very easy to remember but don't just use "rebecca" as your password. Make it harder to crack by turning your kids' names into phrases. Here are some examples:
    • RebeccaIsTen
    • RebeccaLivesWithMe
    • RebeccaHasBrownHair
  3. Capitalise first letters - you can see this in the examples above. Adding capitals is a simple but effective way to make your password more complex.
  4. Use phrases, not words - try to make a small phrase instead of just one or two words. Something like MyMaidenNameIsJones
  5. Include numbers in your phrase - this just makes it harder to guess
  6. Replace letters with symbols - here are some examples
    • replace a with @
    • replace s with 5
    • replace L with 7

At the end of the day, you are in control of your password complexity. We can never be 100% certain that providers will keep our information safe, so we need to take some responsibility. The harder we make our password to guess, the harder it will be to crack, even if a hacker gets hold of the hashed password. Hopefully, by the time you have been alerted that your account has been compromised, you will have already changed your password to something new, so the hacked password becomes useless to the hacker.

If you have any questions about information security, feel free to add some comments below or send a message.