Update: Ever had a Yahoo account? Take these steps now to protect yourself

yahoo account hack how to protect yourself wr 09 23 01
In September, Yahoo disclosed that at least a half billion Yahoo accounts were jeopardized by hackers. Names, email addresses, passwords, telephone numbers, dates of birth, security questions and answers, and more were “scraped” from Yahoo accounts in 2014. Now, in December, Yahoo has disclosed again that in August 2013, “an unauthorized third-party accessed our proprietary code to learn how to forge cookies.” The 2013 breach stole data from more than 1 billion user accounts. The information included names, email addresses, telephone numbers, dates of birth, hashed passwords, and security questions and answers, but not, says Yahoo, payment card data and bank account information. So if you’re a former or current Yahoo account holder, what does that mean to you and what can you do about it?

Updated on 12-14-2016 by Bruce Brown: Updated to include information released in December 2016 about an additional 1 billion Yahoo accounts accessed in August 2013.

Well first off, take a breath. If nothing horrible has happened to your email or other password protected accounts so far, chances are you’re actually OK, for the moment anyway. But just because nothing has happened yet, that doesn’t mean you’re safe. Sometimes hackers themselves or people who buy hacked account info hoard the data for years before taking action.

So, if you had a Yahoo account anytime before the beginning of 2015, there are several steps you should take to be prudent, whether or not you use your Yahoo account now.

A general warning: Before you start to change passwords or anything else with your accounts, be very careful with any email you receive about the Yahoo security issue. Nothing Yahoo sends will ask you to click links or download attachments. Yahoo will not ask you to supply personal information via email. Even if you receive an email that looks like it’s from Yahoo, if you are asked to click a link, download an attachment, or provide personal information, the email was not actually sent by Yahoo and may be from someone trying to steal your personal information.

Change your password

Now let’s start with the different actions levels to take, from immediate to very soon.

If you have a Yahoo account, change your password and disable your security questions today. How do you do that? To start, be sure you know your current password — you’ll need it to make changes in any security settings.

In the upper right-hand corner of the Yahoo screen click on the little gear icon. If you see a menu item for “Settings,” that’s not it. Look for “Account Info,” which will probably be at the bottom of the menu. Next, click “Account Security.” At this point you will likely be required to enter your current password.

In the Account Security screen that comes up next, you will see “Change password” and “Disable security questions” in blue type while the other options are in black type. Yahoo has highlighted those two with blue letters because both were potentially compromised. Passwords were taken from all hacked accounts and unencrypted security questions and answers were stolen from many accounts.

When you click Change Password, you’ll see a new screen on which to enter a new password twice. Be sure to make up a brand new password, not one you use on any other account. More on that below.

Also remember you will need to reset your password on other devices where your old password — which will no longer work — may be stored. For example, you may check your email on a smartphone, tablet, or an ebook reader — if so you’ll need to reset each one.

Update: More than one reader has reported that when they tried to reset their Yahoo password using the standard password recovery process they were taken back to the original sign in page. One reader had success with the following, “Simple answer, don’t use password recovery but use the Hacked account or any of the other headings where you get to send a message to a support person. After three or four posts, plus posting on Yahoo Support Facebook page, I received an email from support and the passwords were reset through a Gmail account. Took way longer than I would like but it was much better than setting a completely new account.”

Disable security questions

After changing your password, click “Disable security questions” on the Account Security screen. You’ll see what your questions were, and you’ll be prompted to disable them to protect your account. You can reset your security questions later.

The next screen after disabling your security questions will present any currently listed account recovery email addresses and phone numbers. If you don’t have either, it’s a good idea to set at least one of each so you won’t be locked out of your account.

When you’ve changed your password and disabled your security settings, your Yahoo account is protected. But there’s more to do.

Change similar passwords on any non-Yahoo accounts

Hackers know that many if not most of us reuse the same passwords and security questions. Therefore, if you have ever done that — and if not, you can join a very short list — you will need to change your passwords on your other accounts because they are in jeopardy. Go to all of your other accounts including email accounts, banks accounts, social media accounts, merchant accounts such as Amazon, media accounts like Netflix, and any other online accounts you use and change the passwords. Also, change the security questions and answers for any account where they were required.

There are other measures you can take to protect your accounts including two-factor authentication, using the Yahoo Account Key, or specialized password security programs. The first steps, though, with no delay, are to change your Yahoo password, disable personal security questions, and then sweep through all your existing accounts (and former accounts if you can remember them) and reset all passwords.

Updated on 10-02-2016 by Bruce Brown: Updated to include reader suggestion to get password change assistance from Yahoo support.

Social Media

Twitter suffers privacy scare as bug reveals tweets of protected accounts

If you set your Twitter account to private and you have an Android device, you'd better check your settings now. Twitter says it's just fixed a four-year-old bug that flipped the privacy switch to make the account public.

Having trouble logging in? Here's how to reset your Apple ID password

To use any of Apple's services, you need to have an Apple ID and know your password. Thankfully, there are ways to deal with forgotten passwords and regain access to your account. Here's how to reset your Apple ID password.

Lost your router? Here's how to find its IP address to help track it down

Changing the login information for your router isn't always easy, that's why so many have that little card on the back. But in order to use it, you need to know where to go. Here's how to find the IP address of your router.

Is your smartphone frozen? Here's how to reset your iPhone

You can do a lot with an iPhone, but if you ever run into an issue with it, the first thing you should do is restart it. In this guide, we tell you how to reset your iPhone, and explain how it differs from a factory reset.

Apple Maps boosts Flyover locations, indoor mall maps, and more

In a boost for Apple Maps, the tech company has recently added more than 50 new locations for Flyover, the feature that offers spectacular 3D photo views of particular cities and famous landmarks around the world.

Google has found a clever way to make your search history more useful

Google has found a clever way to make more use of your search history by showing links to pages you've visited before. Ideal for repeat searches for the same page, the links show up on cards at the top of mobile search results.
Smart Home

Booth babes, banned sex toys, and other mishaps at CES 2019

From female sex toys bans, to fake Tesla/robot collision stories, there was some weird stuff going on at CES 2019 this year. Here are some of the biggest mishaps and flubs at the world's biggest tech show.

Shutdown makes dozens of .gov websites insecure due to expired TLS certificates

The US government shutdown is causing trouble in internet security. As the shutdown enters day 22, dozens of government websites have been rendered insecure or inaccessible due to expired transport layer security (TLS) certificates.

Our favorite Chrome themes add some much-needed pizzazz to your boring browser

Sometimes you just want Chrome to show a little personality and ditch the grayscale for something a little more lively. Lucky for you, we've sorted through the Chrome Web Store to find best Chrome themes available.
Social Media

A quick swipe will soon let you keep bingeing YouTube on mobile devices

The YouTube mobile app has a new, faster way to browse: Swiping. Once the update rolls out, users can swipe to go to the next (or previous) video in the recommended list, even while viewing in full screen.

Cathay Pacific messes up first-class ticket prices — again

A couple of weeks ago, an error on Cathay Pacific's website resulted in first-class seats selling for a tenth of the price. On Sunday, January 13, the airline made the error again. The good news is that it'll honor the bookings.

Reluctant to give your email address away? Here's how to make a disposable one

Want to sign up for a service without the risk of flooding your inbox with copious amounts of spam and unwanted email? You might want to consider using disposable email addresses via one of these handy services.
Social Media

YouTube to crack down on dangerous stunts like the ‘Bird Box’ challenge

YouTube already bans content showing dangerous activities, but new rules published by the site go into greater detail regarding potentially harmful challenges and pranks, including certain blindfold- or laundry detergent-based stunts.

Pinning websites to your taskbar is as easy as following these quick steps

Would you like to know how to pin a website to the taskbar in Windows 10 in order to use browser links like apps? Whichever browser you're using, it's easier than you might think. Here's how to get it done.