  Security Bulletin
 
 
 


 
 
 
 
 
 
 
Yahoo breach - Ultius Security bulletin

Massive Yahoo Account Breach

Learn about the recent account breach and what to do if you were impacted.

Incident snapshot

Website/Service: Yahoo

Breach Date: Late 2014

Announcement Date: 22 September 2016

Company Press Release: Via Business Wire

Impacted Users: 500 Million

Root Cause: State-sponsored actor

Data Compromised

  • Names
  • Email addresses
  • Telephone numbers
  • DOB
  • Hashed passwords (?)
  • Security questions/answers (unencrypted)
 
 
 
 

500 million Yahoo accounts exposed in late 2014

On September 22, 2016, CNN and several other news outlets reported that almost 500 million Yahoo email accounts were compromised, including passwords and security questions/answers. While the breach happened in 2014, Yahoo waited until September 2016 to let the public know.

While it is generally unusual for technology companies to delay important security announcements for years, it most likely had to do with the fact that Yahoo was preparing its inevitable sale to Verizon for $4.8 billion in July of 2016. The sale is still pending approval from regulators and the NY Post reported that Verizon is looking for a discount - perhaps even a way out of the transaction entirely. Ultimately, this is extremely bad for the company's reputation, especially as the highly followed CEO Marissa Mayer was working on turnaround efforts for the company.

What to do if your Yahoo account was compromised

If your account was impacted, there are some immediate steps you should take to secure your account and make sure that the damage doesn't bleed into other important accounts (such as Facebook or online banking). Ultius informed customers via email with similar recommendations, and we wanted to share them with the rest of the public.

Find out if you were impacted

To find out if your account was impacted, please visit haveibeenpwned.com and enter your email address. This tool will let you know if your email has been associated with any security breach, not just the one that happened with Yahoo.

My account was impacted! What do I do?

If your account was impacted, please follow the steps provided.

Step 1: Change your Yahoo password

According to Yahoo's KB article on changing your password, you should:

  • (1) Log in to the Yahoo service. You can also access it from the home page, as shown in the images below.
  • (2) Click Account Security > Change Password
  • (3) Type in your new password
  • (4) Click "Continue"

[Image: Log in to Yahoo - Yahoo site home page, find the login button]

[Image: Account Page - Yahoo account page, change your password]

[Image: Change Password Screen - Changing your Yahoo password]
 

When choosing a new password, make sure to follow these best practices:

Step 2: Set up security questions and two-factor authentication

While you're changing your Yahoo password, we strongly recommend that you set up really strong and personal security questions as well as two-factor authentication.

  • Security questions: Security questions are used to verify your account if unusual activity is detected. Make sure to store these in a safe place.
  • Two-Factor Authentication: Two-step verification adds an additional layer of security to your account by prompting you to enter a code sent to your mobile device (through SMS or an authenticator application).

[Image: Enable Two Step Authentication - Yahoo Account Page]
 

Once you have completed these steps, there are some other important things to do in order to stay secure.

Step 3: Change the passwords of any accounts that used that previous password

Any account that reused that password is also at risk. At the very least, make sure to change reused passwords for the following important account types:

  • Online banking
  • Social media sites like Facebook and Twitter
  • Google
  • Anything that involves payment data or Social Security numbers (PayPal, government sites)
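
One way to find every account that reused the Yahoo password, added here as an example and not part of the original bulletin: the script below reads a password-manager CSV export and lists the other accounts sharing a password with the Yahoo entry. The column names (name, url, username, password), the function names and the sample rows are assumptions constructed for illustration.

```python
import csv
import hashlib
import hmac
import io
import os
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample of a password-manager CSV export; the column names
# (name, url, username, password) and every value are assumptions.
SAMPLE_EXPORT = """name,url,username,password
Yahoo Mail,https://login.yahoo.com/,alex@yahoo.com,Sunshine2014!
My Bank,https://online.bank.example/,alex,Sunshine2014!
Facebook,https://www.facebook.com/,alex@yahoo.com,Sunshine2014!
Old Forum,https://forum.example/,alex,correct-horse-battery
PayPal,https://www.paypal.com/,alex@yahoo.com,Xk9#vTq2LmPz
"""

def on_host(url, host):
    """True if the URL's hostname is `host` or a subdomain of it."""
    name = (urlsplit(url).hostname or "").lower()
    return name == host or name.endswith("." + host)

def accounts_sharing_password(export_csv, breached_host="yahoo.com"):
    """Names of accounts whose password equals one used on the breached host."""
    key = os.urandom(32)  # per-run key, so the digests mean nothing outside this run
    others = defaultdict(list)  # keyed digest -> account names on other sites
    breached = set()            # keyed digests of passwords used on the breached host
    for row in csv.DictReader(io.StringIO(export_csv)):
        digest = hmac.new(key, row["password"].encode("utf-8"), hashlib.sha256).digest()
        if on_host(row["url"], breached_host):
            breached.add(digest)
        else:
            others[digest].append(row["name"])
    return sorted(name for d in breached for name in others.get(d, []))

if __name__ == "__main__":
    for name in accounts_sharing_password(SAMPLE_EXPORT):
        print("change password:", name)  # account names only, never the password
```

An export file holds every password in plaintext, so delete it securely as soon as the check is done.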

Step 4: Change your Ultius account password

If you have an Ultius account, please follow the steps below to change your password.

  • (1) Log in to your Ultius account
  • (2) Click Profile from the main menu
  • (3) Click Edit Profile on the bottom-right of the screen
  • (4) Update your passwords
  • (5) Click Update Profile at the bottom-right of your screen to finalize the change.

Now that you have secured your accounts and set up some additional security, keep reading for some other security measures to consider.

 
 
 

Other things you can do to protect your security

Yes, now is a great time to brush up on your security best practices. After all, we have previously written about online privacy and are familiar with the body of knowledge. Consider the options below:

  • Get a password manager. We recommend using Dashlane. We use it internally at Ultius and there is a free version available for consumers (like you)
  • Consider updating all of your passwords regularly, especially the ones that you have reused. Once every six months is a sufficient frequency
  • Consider changing your email account to one that has a stronger track record of security, such as Gmail by Google or Outlook by Microsoft
  • Consider setting up two-factor authentication on all of your important accounts (like online banking). This is an added layer of security that will help prevent unauthorized users from accessing your account without authentication from your phone
  • When logging into your email, make sure that your connection is encrypted. Look for HTTPS in the URL box of your browser. It should be in green and look like this
  • Never click strange links while reading emails. If you see a suspicious link, use scanURL to see if it's malicious

Lastly, don't forget to share this guide with your friends, family and co-workers so that they can stay safe too.

 
