Hackers have stolen information from more than 1 billion Yahoo accounts in what appears to be the largest security breach of all time, The Associated Press reports.
Here's what you need to know:
1. What information was compromised in the hack? According to a statement released Tuesday, the tech company said the breach, which occurred in August 2013, "may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (using MD5) and, in some cases, encrypted or unencrypted security questions and answers." The good news? Yahoo does not believe that hackers obtained "passwords in clear text" or information about users' credit cards or bank accounts.
2. How do I know if my account was affected? Yahoo said it is contacting users who may have been targeted, but to be on the safe side, you should assume the worst and take precautions to protect your account.
An important message for Yahoo users about the security of their account: https://t.co/iHub7C7aI7
— Yahoo Inc. (@YahooInc) December 14, 2016
3. What is Yahoo doing in response? The tech giant said in a security notice that it is making affected users change their passwords and invalidating "unencrypted security questions and answers so that they cannot be used to access an account." Yahoo also said it is invalidating "forged cookies" and hardening its systems.
If you’ve been prompted to reset your #Yahoo password, you can learn more about your account security here: https://t.co/OsMXaVtfDn
— Yahoo Customer Care (@YahooCare) December 15, 2016
4. What do I need to do? First, change your password and security questions for Yahoo, as well as "any other accounts on which you use the same or similar information," the company said. The New York Times recommends using a password manager (i.e., LastPass) or making long passwords with "nonsensical phrases," special characters and numbers. Click here to manage your Yahoo account.
Next, enable two-step verification here. When you sign in, Yahoo will send you a code via text message or phone call to confirm your identity. Learn more here.
Yahoo is also encouraging users to set up Account Key, which allows you to sign in by clicking a cellphone notification instead of typing in a password. Learn more here.
Finally, you should closely monitor all of your online accounts for "suspicious activity" and be wary of any requests for personal information, Yahoo said. The company also recommends against "clicking on links or downloading attachments from suspicious emails."
5. I can't make sense of any of this. How can I get more help? Visit Yahoo Help here or post to the Yahoo Help Community. You also can Yahoo contact customer service on Twitter at @YahooCare.
Cox Media Group
