If you haven’t heard, Yahoo was recently hacked, and it is only now being disclosed that over a BILLION accounts were compromised. If you use Yahoo for mail, fantasy football, etc., and haven’t already done so, please stop right now and go change your password. I would even suggest switching to Google’s Gmail if you can. If you want to stay with Yahoo’s email, then you should log in to your account, click on the settings icon and turn on the “Account Key” option. This sends your phone a popup that lets you approve or deny any attempt to access your account. This is called Two-Factor Authentication, and is a common login procedure.

Hints And Tips For Yahoo Account Owners

  1. Before you delete the account, get rid of all the folders; only then delete the account and open a Gmail account instead.
  2. Check whether you have used your Yahoo password on other sites, and change the password and security questions for those accounts. And remember, never reuse your email password (or any other password tied to an account that holds sensitive data about you) at any other site.
  3. If you associated a mobile phone number with your Yahoo account, and you still use that number, then SMS phishing (a.k.a. smishing) is now a distinct possibility, so be very wary of smishes.

The forensic investigation is still going on, but it is highly likely that the bad guys initially got in through a spear phishing attack with a spoofed ‘From’ address. These types of attacks are hard to spot and employees tend to fall for them.

Stay safe out there!

Erik