Change your Yahoo! Password
- Email addresses
- Telephone numbers
- Dates of birth
- Hashed passwords (the vast majority with the password-hashing function bcrypt)
- And, “in some cases,” encrypted or unencrypted security questions and answers.
Yahoo is alleging that the massive data breach “didn’t include unprotected passwords, payment card data, or bank account information.” The popular search engine and email host denies that it stores any payment card or bank account information in its database. And, although it blames a “state-sponsored actor” for the cyberattack (apparently from Russia, according to Yahoo and US intelligence officials), the fact remains that Yahoo allowed a hack of epic proportions to happen on its servers and domains, making the practical point clear to all of us: “Change and encrypt your passwords regularly.”
The Yahoo hack resembles previous data breaches of huge Web-based giants like LinkedIn, Tumblr, and Adobe, as well as healthcare facility hacks where Ukrainian hackers claimed responsibility for at least one of them. This latest and biggest hack ever is so disconcerting, because the cyber breach occurred a full two years earlier. It repeats a pattern we have seen in these cybercrime cases where we don’t learn of the data thefts until well after they have happened. And, it’s also disconcerting for another glaring reason: Yahoo failed to inform its users of the hack and suggest a password reset in August 2016 when the news was first made public.
The Password-Changing Argument
There is great debate amongst white hat hackers and IT specialists on whether regular password changes are a good thing or not. The argument for seems to stem from situations like the Yahoo hack – basically, the “change when urgently required” rule. Studies have shown that routine password changes of every few months appear only to frustrate office staff, with new passwords only being variations on old ones anyway, and written on sticky notes attached to monitors, which defeats the purpose of safety. But, the pro-password change argument remains in serious cases like data breaches involving half a billion accounts.
Basically, no one’s data is 100% safe online, even when supposedly protected over secure servers and databases. Too-frequent password changing may be just as risky as never changing them, so a happy medium here is prudent. A good rule of thumb is to stick with one hard-to-decrypt password, maybe alter a number or letter here and there, and never share any financial or personally-compromising information on unsecured channels of communication.
Was this article helpful?
For more information about how Domain Computer Services can benefit you.
You need to get off of Windows 7, not because it will immediately stop working, but because they are going to stop updating those operating systems on January 14, 2020.
Change can be hard, but it doesn’t have to be. Thinking about changing IT providers? Watch out — your current IT provider might be holding you hostage.
The complexity and sophistication of ransomware attacks continue to rise. Here are some steps to make sure you are secure as possible.