If you use Yahoo Mail or any of its services, you need to do this now

Yahoo confirms of a massive data breach that affects at least 500 million user accounts

The Yahoo logo is shown at the company's headquarters in Sunnyvale, California. PHOTO: REUTERS

After Yahoo confirmed on Thursday of a massive data breach that affected at least 500 million user accounts, Yahoo users need to act now.

According to a long investigation, leaked account information may have included names, email addresses, dates of birth, telephone numbers, hashed password, encrypted or unencrypted security questions and answers. If your password was not leaked, it doesn't mean you shouldn't change it.

Potentially affected users are likely to be notified by Yahoo. However, it is advisable for all Yahoo users to take the following steps for added security.

Update your Yahoo accounts

This goes without saying, affected users need to update their accounts. Yahoo has invalidated unencrypted security questions of those users it believes have been affected, but everyone should go and change their password, especially if it hasn't been updated since 2014.

Yahoo says at least 500m accounts hacked in 2014

Change passwords, security questions that match your Yahoo's passwords and security questions

People tend to keep the same password and security questions for multiple accounts/services. If you are one of them, take this opportunity to do what you should have done a long time ago — go to those accounts and change passwords and security questions. Try not keeping similar passwords for multiple devices as it’s a hackers’ lottery if they find a user with similar passwords.

Change your Yahoo password  PHOTO: SCREENGRAB


Use password manager

Using a similar password is often convenient for most users as keeping track of differing passwords can be difficult at times. To help solve this problem, you can use password management systems like LastPass, 1Password or Dashlane.


These password managers require users to have one master password which it then encrypts and stores passwords for all other sites and services.

Enable two-step authentication

Two-step authentication is one of the simplest ways to provide an additional level of security. After you enable the two-step verification, you would receive a string of numbers on your phone via text message or voice call that you would need to enter before logging in.

Although the context of this story is related to the massive Yahoo breach but you should enable two-step authentication for all your accounts to prevent your accounts from being compromised.

Enable two-step authentication for an added layer of security PHOTO: SCREENGRAB/jamnajaf


Use Yahoo Account Key

For Yahoo in particular, you can use its own service called Account Key. This service eliminates the need to store a password, instead users receive a notification on their smartphone to which they need to tap in order to sign in.

Yahoo appears near deal to sell core assets

You can enable Account key here.

Stop using Yahoo

Last but not the least, it’s advisable to simply switching to other email services. The hack is over — well, it was actually done back in 2014 —and it has given us an opportunity to reconsider our email preferences. Gmail and Outlook are some of the better alternatives available out there.

This article originally appeared on Mashable.
Load Next Story