Yahoo Announces 500 Million Users Impacted by Data Breach

A computer screen with a code of numbers and letters representing a data breach.

 

In what quite possibly could be the largest data breach to date, Yahoo confirmed in September 2016 that at least 500 million user accounts have been exposed.

Information stolen in late 2014 by what Yahoo calls ‘a state-sponsored actor’ “may have included names, email addresses, phone numbers, dates of birth, hashed passwords…, and in some cases, encrypted or unencrypted security questions and answers,” according to a Yahoo statement.

“The ongoing investigation suggests that stolen information did not include unprotected passwords, payment card data, or bank account information; payment card data and bank account information are not stored in the system that the investigation has found to be affected,” the statement read.

Yahoo is notifying potentially affected users and has taken steps to secure their accounts — including invalidating unencrypted security questions and answers so that they cannot be used to access an account and asking potentially affected users to change their passwords.

Are you a Yahoo user? Here’s what you can do now to help protect yourself:

Assume you were affected and change your password on your Yahoo account.

Are you a password re-user? If you’ve used the same password on other accounts, change them. It’s best to use a unique password for each online account, but at least make sure you’re using unique passwords for your email and other sensitive accounts—including those that are financially related.

Yahoo asks users to consider using Yahoo Account Key, “a simple authentication tool that eliminates the need to use a password.”

You may also want to consider using a password manager or two-factor authentication for your online accounts, which provides an extra layer of security. For example, after typing in your username and password, a code would be texted to your cell phone and you would need that code to log on to the account.

Beware of phishing. Fraudsters often take advantage of what’s going on in the news to send out phishing emails, hoping to trick you into taking action. In this case, a savvy fraudster might send you an email referencing this data breach, encouraging you to click on a link to change your password or asking for your personal information. That link may take you to a site that looks legitimate—for a bank or even Yahoo—but is a fake, intended to capture your login credentials.

As you consider your various accounts, think about which ones you no longer need. It might be a good idea to close them. Otherwise, you may be offering up user names and passwords, not to mention whatever other personal information those accounts hold, to the next hacker.

Editor’s note: Our articles provide educational information. LifeLock offerings may not cover or protect against every type of crime, fraud, or threat we write about.

This article contains

    Target Data Breach Victims Could Get Up to $10,000
    Target's massive data breach hit during the 2013 holiday shopping season. The retailer is proposing to offer victims up to $10,000 each in damages.
    March 26, 2015 ·3 Minutes
    Read More
    Microsoft accidentally exposed 250 million customer records — What you should know
    A Microsoft security breach exposed 250 million customer records on a database without password protection. Learn more.
    February 04, 2021 ·3 Minutes
    Read More
    How to Check If You're Affected by the Equifax Data Breach
    It’s easy to find out if you were affected by the Equifax data breach by using a look-up tool. Find out how from LifeLock.
    October 06, 2017 ·3 Minutes
    Read More
    A Brief History of Data Breaches
    Data breaches now make regular news headlines but it wasn’t always so. See a brief history of data breaches from the LifeLock blog.
    January 13, 2018 ·3 Minutes
    Read More

    Start your protection,
    enroll in minutes.

    Get discounts, info, protection tips, and more.

    Sign up for promotional emails.