If you have been ignoring safe email practices such as setting long complex passwords and changing them regularly, your account may be in trouble.
Even more so if it was an Yahoo account.
The company just admitted that around a billion of its accounts were hacked into, in what is being called the largest cybercrime in recent times.
The company had earlier reported a hack attack in 2014, in which 500 million accounts were compromised. It has also admitted that nearly 1 billion accounts were compromised in August 2013.
In an official statement on Tumblr, the company said, “As we previously disclosed in November, law enforcement provided us with data files that a third party has claimed Yahoo user data. We analysed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data.”
It added, “Based on further analysis of this data by the forensic experts, we believe an unauthorised third party, in August 2013, stole data associated with more than 1 billion user accounts. We have not been able to identify the intrusion associated with this theft. We believe this incident is likely distinct from the incident we disclosed on September 22, 2016.”
What is the scope of the attack?
An attack on a billion accounts is scary. It could mean that hackers might have access to other accounts as well: Facebook, Twitter or other mail clients the breached Yahoo account was linked to.
If you use the same password for different accounts, you will be more prone to losing your information on other accounts as well.
However, all this depends on the nature of the attack and what the hacker has decided to access. But hackers can easily impersonate a person and act as a legitimate entity in a public space.
What was stolen in this attack?
According to the internet giant, all user information -- names, email addresses, telephone numbers, date of birth and other passwords -- were stolen in the attack. Yahoo has said that encrypted and unencrypted security questions may also have been stolen.
However, it added, “The investigation indicates that the stolen information did not include passwords in clear text, payment card data, or bank account information. Payment card data and bank account information are not stored in the system the company believes was affected.”
Yahoo had earlier said that its forensic experts were investigating ‘forged cookies’, which could allow a hacker to access users’ accounts without a password. It also said that an unauthorised third party might have accessed the proprietary code and learnt how to forge cookies.
“Forensic experts have identified user accounts for which they believe forged cookies were taken or used. We are notifying the affected account holders, and have invalidated the forged cookies. We have connected some of this activity to the same state-sponsored actor believed to be responsible for the data theft the company disclosed on September 22, 2016.”
How can you protect yourself from more damage?
There are several things that can be done but you must first ensure that your account has been hacked. Even if it has not been hacked, then it is wise to dissociate all accounts from your Yahoo account. Opening a new address and closing down the old one is also advisable after transferring all related contents.
“Yahoo encourages users to review all of their online accounts for suspicious activity and to change their passwords and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account,” the company said in a statement.
“The company further recommends that users avoid clicking links or downloading attachments from suspicious emails and that they be cautious of unsolicited communications that ask for personal information,” it added.
Additionally, it also recommended using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password on Yahoo altogether.