In September 2016, Yahoo admitted that hackers accessed more than 500 million accounts in the year 2014. The hacked information includes usernames, email id’s, security questions and answers, phone numbers, date of birth etc. Fortunately, no credit card details were stolen. According to Yahoo, the hack was done by state sponsored hackers from another country and not by cyber criminals. Yahoo cannot guarantee that this information can be used for cybercrimes.
Unfortunately, the data breach was only noticed by Yahoo only in 2016, 2yrs after the incident happened. Once they came to know about data breach, they kept it secret for another 3 months. Also they kept the facts hidden from Verizon. Maybe, they didn’t want the news to jeopardize the multi-billion dollar move by Verizon to buy Yahoo.
What is the impact of Yahoo account getting hacked
Though there is no credit card information leak, the breached details are enough for criminals to launch a phishing attack. They can use this information to contact users to give their card details or social security number. To make it look valid, they may mention your phone number or birth date as reference. Users should stay away from revealing card details or social security details through website links.
How to check if your Yahoo account is hacked
If you own a Yahoo account especially created before 2014, it is better to cross check if your account was hacked.
- Simply go to the website link https://haveibeenpwned.com/
- Enter your username or email address and click pwned. Using email address is more accurate.
- If your account was hacked, you will get a notification as below.
Best practices to follow if your Yahoo Account was hacked
- If you want to continue using your hacked Yahoo account, replace the password with a strong one, change security question and password, personal details etc.
- If you don’t want to use the Yahoo account again, remove it permanently to prevent the account from getting hacked and misused for other purpose. Since there is uncertainty regarding the future of Yahoo, it is better to switch to other email service providers.
- Never give away your bank details or social security details through website links. Legit institutions never ask their customer to share this information through website links.