As news breaks about the largest personal data breach in history there are a few actions that you or your clients should think about doing as soon as possible.

On Thursday, Yahoo confirmed that in 2014, hackers stole the account information for 500 million of its users. This data includes:

  • Usernames (i.e. email addresses)
  • Hashed passwords (see below)
  • Telephone numbers
  • Date of birth
  • Security questions and answers

The impact of this could be significant if you or someone you know has a Yahoo! email account.

Firstly, if your password (as of 2014) is based on a dictionary word (even if some of the characters are jumbled up, e.g. L0nd0n123), then the chances are that it has already been cracked from its hash and is in the hands of criminals.

Change your password immediately and enable 2-factor authentication to protect your account. See how here:

Also think about other accounts that use the same or a similar password. They need changing too. If your Yahoo password is L0nd0n123 and your Gmail password is London123456 – this will be compromised also, in time. Try not to use similar passwords across multiple accounts. We recommend using a password manager such as 1Password or Dashlane. These will generate and store complex passwords for you in one central repository.
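To show why a jumbled dictionary word and a "similar" password on another account give so little protection, here is a short added example (not part of the original article). The tiny wordlist and the substitution table are constructed assumptions; a real check would use a full dictionary.

```python
import string

# Constructed sample wordlist (assumption); real checks load a large dictionary.
WORDLIST = {"london", "password", "yahoo", "monkey"}

# Common character swaps people use to "jumble" a word (assumed, not exhaustive).
SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "4": "a",
                       "5": "s", "7": "t", "@": "a", "$": "s", "!": "i"})

PADDING = string.digits + string.punctuation


def candidates(password: str) -> set[str]:
    """Return the plain words a password may be built on.

    Two readings are tried: the whole password with swaps undone, and the
    password with leading/trailing digits and symbols removed first.
    """
    lowered = password.lower()
    found = {lowered.translate(SWAPS), lowered.strip(PADDING).translate(SWAPS)}
    found.discard("")  # e.g. an all-digit password leaves nothing after stripping
    return found


def is_dictionary_based(password: str) -> bool:
    """True if undoing swaps and padding reveals a word from WORDLIST."""
    return bool(candidates(password) & WORDLIST)


def share_base(first: str, second: str) -> bool:
    """True if two passwords reduce to the same underlying word."""
    return bool(candidates(first) & candidates(second))


if __name__ == "__main__":
    for pw in ("L0nd0n123", "London123456", "vK7#qTz9!mPw2"):
        print(f"{pw!r}: dictionary-based = {is_dictionary_based(pw)}")
    print("Yahoo and Gmail examples share a base word:",
          share_base("L0nd0n123", "London123456"))
```

Both passwords from the paragraph above reduce to the same word, which is why changing only one of them is not enough.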

In addition, ensure your account recovery details are up to date (e.g. a mobile phone number) and make sure your security questions have been changed on this account and any other mail/social media accounts. This is for immediate account protection but also future protection. A good tip here is to provide very unusual answers to questions. For example: What was the name of your first pet? Instead of answering Fido or similar, consider answering with something that has nothing to do with a pet's name, such as Cornwall.

If you follow these steps for your Yahoo account and any other social media or email accounts then you should be protected going forward.