Do you think you weren’t affected by Yahoo’s massive account breach? Think again. The biggest hack of all time just got a whole lot bigger. Yahoo’s parent company, Oath, just revealed that no account was left untouched by a massive 2013 breach. The report says that every single Yahoo account was affected, tripling the number of compromised accounts from 1 billion to 3 billion.
If you have a Yahoo account that’s more than four years old, or had an account on any Yahoo-affiliated site in 2013, then you are affected—no exceptions. Here’s what Yahoo users can do to protect their accounts.
Why you shouldn’t delete your Yahoo account
Deleting your Yahoo account may open another avenue for hackers. Yahoo recycles old email addresses, which means that 30 days after your account is deleted, someone could open a new account with your old Yahoo email address and potentially use it to gain access to your other accounts. After opening an account with the address you left, a nefarious individual could impersonate you and fire off password reset requests to get into any of your other online accounts that you have linked to your Yahoo email.
Also, closing your Yahoo account will cost you access to all the sites associated with it (like Tumblr and Flickr).
So, instead of deleting your Yahoo account, it is better to change your password, turn on two-step verification for an added layer of security, disconnect all connected services and move to Gmail while leaving your Yahoo account inactive.
Change your password
The first order of business is to change your password to a strong and unique password or passphrase that you don’t use for any of your other accounts. Hackers will often trawl through user databases stolen in hacks and try those login details on other sites. So, if you have used your Yahoo password for any of your other accounts, go ahead and change the password for those accounts, too. Similarly, Yahoo recommends that you change the security questions for other accounts if you re-used them from Yahoo. Otherwise, even if an attacker can’t guess your password, they might still be able to use the re-used security questions to reset it.
Log into Yahoo Mail, click on the icon in the upper-right corner and click Account Info. A new tab will open. Click Account security on the left and then click Change password.
You can log in to Yahoo to change your password and security questions.
Enable two-step verification
The two-factor authentication method requires you to verify your login on a mobile phone. It creates a second barrier to entry by sending a unique code to your phone. After you log in with your password, as usual, Yahoo will text you a security code, which you will enter in the next step. This way, only someone who has in-person access to your phone (you) can access your account, even if the account’s password is compromised.
On the same Account security page where you changed your password, scroll down and click the toggle switch to enable Two-step verification. Enter your phone number and click the ‘Send SMS’ button and then enter the verification code that Yahoo sent you.
You won’t need to type your password after setting it up, either: Just type your username to log in to Yahoo like you normally would and you will get an approve/deny request on your smartphone.
Disconnect all connected services
Go to your Yahoo Mail inbox, click the icon in the top-right corner and click Settings. On the Settings panel, click Accounts on the left and you will see the email accounts, social networks and cloud services connected to your Yahoo account. Click Disconnect on any that are listed as Connected to make it harder for a hacker who gains access to your Yahoo account to get into your other accounts.