Obsessed with technology?
Subscribe to the latest tech news as well as exciting promotions from us and our partners!
By subscribing, you indicate that you have read & understood the SPH's Privacy Policy and PDPA Statement.
Feature Articles

Hacked: What to do if you have a Yahoo email account

By Alvin Soon - 4 Oct 2017

How to secure your Yahoo email account

Yahoo's shocking shoddy history of security lapses

Updated 4/10/17: Yahoo now says that all 3 billion users were compromised in 2013, up from the 1 billion accounts previoulsy listed.

In 2016, Yahoo revealed that 500 million accounts had been breached in late 2014, with personal information like names, email-addresses, phone numbers, birth dates, answers to security questions, and cryptographically protected passwords being stolen.

Yahoo had apparently been aware of the breach last August when cybercriminal “Peace” advertised the sale of 200 million Yahoo users’ information on the dark web. Yet, the company didn’t issue a password reset or an official announcement until late September.

Last December, Yahoo once again announced that it’d found a previously undetected breach of data from 2013 of more than 1 billion user accounts. This was a separate and distinct hack from the one before.

It didn’t end there. Just last week, Yahoo warned that some users may have had their accounts hacked as recently as last year, not just in 2013 or 2014.

News outlets like Recode, the New York Times and Business Insider, have sources revealing a dysfunctional attitude in Yahoo about security issues, which were “pushed down, dismissed, or out-and-out ignored.”


What to do if you have a Yahoo email account?

At this point, everyone who has a Yahoo email account should assume two things: Your account has been compromised, and it is no longer safe to use now and into the future.

Here’s what I’d suggest you do if you have a Yahoo email account:

  • First, we’re going to secure it.
  • And secondly, we’re going to pivot away from it.

(I explain why you shouldn’t simply delete your Yahoo account in the later part of this article.)

Note: I realize there’s a chance you might just read this post and forget about it. If nothing else, I strongly suggest you skip all the way to the end of this article and change your password recovery address away from Yahoo. That alone will save you a lot of potential heartache and trouble.


How to secure your Yahoo email account

1. Change your password immediately

If you haven’t already done so, change your password immediately to lock out anyone who might have access to your account. Do it again even if you had already changed your password after the news of the previous breaches from 2013-14, because of the new breaches that may have happened just last year.

Make your new password different from your previous one. If your previous password was ‘password123,’ for example, don’t use ‘123password.’

The easiest way to make a strong password is to use a password manager, which I highly recommend. If not, here’s one method to help you create a stronger password. Whatever you do, never use these 25 passwords.

2. Turn on two-step verification on your Yahoo account

Two-step verification adds another layer of security to your Yahoo account, by requiring a special code that’s sent to your personal device to unlock your Yahoo email account.

Here’s how to do it.

Next: How to move away from your Yahoo email account