Yahoo confirmed on Thursday that data associated with at least 500 million user accounts have been stolen from a 2014 data breach - what many are calling one of the largest cybersecurity breaches in history. What information did these hackers get? Yahoo tells us "the account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt), and in some cases, encrypted or unencrypted security questions and answers."
The 2016 year has been very busy when it comes to data breaches. Many well known businesses, such as LinkedIn, MySpace, and T-Mobile confirmed reports of a major breach this year. As an online user of many websites, I expect the organization to do everything they can to keep my data safe. However, I also recognize that even if the organization does have a security plan in place, there is no method that will prevent you from 100 percent of attacks. So, as a consumer and user of many popular websites, what can you do to protect your email and other online accounts?
Do everything to secure your passwords.
Passwords are the golden key for many hackers. Because we often use the same or easy to remember passwords, we're only making it easy for attackers to steal our data and get into our accounts. Use the same password for both your email and bank account? Now it's a lot easier for them to access both. Learn more on how to create and store secure passwords.
Use Two Factor Authentication whenever available.
Yahoo supports 2FA, but most of those 500 million users probably didn't have it enabled. This popular method is like "double securing" your passwords, and it gives an extra layer of security. Whenever you (or someone else) tries to log into your account, you'll be prompted to enter in an additional security code usually offered via text message or authenticator app. No code? Well that's going to make it a little more difficult to get in.
Enable EVERY available security and privacy feature.
My favorite security feature is enabling Login Alerts. Not all websites have this feature, but many popular websites such as Facebook, Gmail, and Yahoo definitely do. This handy feature can let you know when someone tries to sign in from an unknown device...successful or not. You may also be able to find out where your account is being logged in from and recent login activity. This is a great way to get immediately notified if something's wrong with your account, allowing you to take action sooner rather than later.
If you feel like your account has been compromised, the best course of action is to change your password immediately, notify your contacts (in case of a phishing attempt or suspicious social activity that could include malware), and continue to monitor your accounts for activity that isn't yours. Even if you have no reason to believe an account has been compromised, it's always a good idea to monitor your accounts and have security measures in place.