Hackers swiped personal information associated with at least a half billion Yahoo accounts making it the biggest data breach in history to date.
News of the breach was first made public last Thursday, CNET.com reported.
The hack revealed names, email addresses, phone numbers, birth dates and, in some cases, security questions and answers, Yahoo said in a news release.
Encrypted passwords, which are jumbled so only a person with the right passcode can read them, were also taken.
The Washington, D.C.-based Wallet Hub, consumer website that provides customized credit-improvement advice, savings alerts and other products, this week offered several tips to help individuals protect their personal information.
“Change your Yahoo password and security questions; change any passwords and security questions similar to what you were using on Yahoo; and enable two-factor authentication where your Yahoo account may have been comprised, but your cell phone wasn’t,” said Jill Gonzalez, a WalletHub analyst. “So, use it as another layer of protection when logging into your email account and financial websites.”
Whether affected or not, individuals should sign up for free credit monitoring, and be wary of Yahoo emails and the company is also warning customers not to click on any links or open any attachments in emails sent by Yahoo because the messages could come from imposters, Gonzalez added.
Authentic Yahoo emails regarding the data breach will not contain links or attachments and they won’t ask for any personal information.
“Whether it’s someone showing up at your door, calling you on the phone or sending you an email asking for personal information, you shouldn’t respond if you didn’t ask to be contacted,” Gonzalez said.
The hack serves as a reminder of how widespread such action is and highlights the vulnerability of passwords, CNET.com reported.
Cybersecurity specialists recommend using a different password for each account an individual has on the Internet. Other experts are working on alternatives to passwords, such as biometrics like a fingerprint or retina.
“[In the meantime], change account PINS and passwords,” said John Kiernan, senior editor at WalletHub. “Security experts typically recommend changing passwords every few months and using an eight to 10-character mix of upper and lowercase letters, numbers and symbols for maximum security. But, it’s especially important following a case of identity theft.”
Further, it’s important to review mail and credit card statements carefully to make sure that you receive all of your expected monthly account communications from lenders, WalletHub officials said, noting that is a good way to confirm that none of your accounts have been hijacked.
“Thoroughly reviewing these documents for transactions or references to account changes that you do not recognize is similarly beneficial,” Kiernan said. “Taking a bit of extra time to scrutinize the mail you receive every day will reduce the likelihood that you’ll discard a letter from a lender, the IRS, the Social Security Administration or any other organization that may be trying to notify you about a past-due balance or change in account preferences that could signal fraud.”
It’s also important to make sure to enroll in electronic account access.
“It’s easiest for a fraudster to pull off this type of scam when you, the real accountholder, have not yet registered your account for online access or established account preferences regarding electronic communications,” Kiernan said. This is especially prevalent when the victim doesn’t even realize online account access is available, as is the case with many elderly people and the Social Security Administration’s “My Social Security” web-management tools.
“Every case of Social Security fraud I’ve investigated in the past year and a half I traced back to the [My Social Security] program as the source— not because it was breached, but because the victim didn’t know about this new account being available and they didn’t take any action so the criminal did,” said Carrie Kreskie, director of the Identity Theft Institute at Hodges University. “The easiest way to minimize your chances of falling victim to this type of scam is to claim your online account and use a strong password to protect it.”