Updated 4/10/17: Yahoo now says that all 3 billion users were compromised in 2013, up from the 1 billion accounts previously listed.
In 2016, Yahoo revealed that 500 million accounts had been breached in late 2014, with personal information like names, email addresses, phone numbers, birth dates, answers to security questions, and cryptographically protected passwords being stolen.
Yahoo had apparently been aware of the breach last August when cybercriminal “Peace” advertised the sale of 200 million Yahoo users’ information on the dark web. Yet, the company didn’t issue a password reset or an official announcement until late September.
Last December, Yahoo once again announced that it’d found a previously undetected breach of data from 2013 of more than 1 billion user accounts. This was a separate and distinct hack from the one before.
It didn’t end there. Just last week, Yahoo warned that some users may have had their accounts hacked as recently as last year, not just in 2013 or 2014.
News outlets like Recode, the New York Times and Business Insider have sources revealing a dysfunctional attitude at Yahoo toward security issues, which were “pushed down, dismissed, or out-and-out ignored.”
At this point, everyone who has a Yahoo email account should assume two things: Your account has been compromised, and it is no longer safe to use, now or in the future.
Here’s what I’d suggest you do if you have a Yahoo email account:
(I explain why you shouldn’t simply delete your Yahoo account in the later part of this article.)
Note: I realize there’s a chance you might just read this post and forget about it. If nothing else, I strongly suggest you skip all the way to the end of this article and change your password recovery address away from Yahoo. That alone will save you a lot of potential heartache and trouble.
If you haven’t already done so, change your password immediately to lock out anyone who might have access to your account. Do it again even if you had already changed your password after the news of the previous breaches from 2013-14, because of the new breaches that may have happened just last year.
Make your new password different from your previous one. If your previous password was ‘password123,’ for example, don’t use ‘123password.’
The easiest way to make a strong password is to use a password manager, which I highly recommend. If not, here’s one method to help you create a stronger password. Whatever you do, never use these 25 passwords.
Two-step verification adds another layer of security to your Yahoo account by requiring a special code, sent to your personal device, before your Yahoo email account can be unlocked.