The infamous Yahoo hack, already regarded as the biggest in history is actually far worse than anyone could have imagined.
On Tuesday, Verizon, which now owns Yahoo after acquiring the firm back in June, admitted that every single one of the 3 billion Yahoo user accounts were affected by the security breach.
Previously Yahoo had said that 1 billion accounts had been compromised.
In a statement Verizon said:
“Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft.”
The compromised user data included all email addresses, date of births, phone numbers and security questions and answers, as well as ‘hashed’ user passwords.
While the company said that only ‘hashed’ or scrambled passwords were leaked, the technique Yahoo was using to hash passwords, which is meant to ensure they can not be viewed by third parties, is widely considered to be outdated and can be easily compromised.
So what do you do if you still have a Yahoo account?
If you didn’t already change your password after the breach was first disclosed, then you need to do that right now.
You could go one step further by deleting your Yahoo account altogether – here’s how.
Also, and this is perhaps most important, if you think you have used the same password on other online accounts, you need to change those right away too.
If you are determined to continue to use Yahoo, then make sure you enable two step authentication on your account.
Also consider using a password manager to manage your online accounts.
Previously Yahoo emailed all affected users informing them to update their passwords.
With Tuesday’s revelation you can bet that hackers, fraudsters, cyber criminals and scammers, will see this is a prime opportunity to launch their own phishing campaigns by disguising rogue emails which appear to be from Yahoo.
If an email which claims to be from Yahoo suddenly appears in your inbox asking for your password or to make any kind of changes to your account, be seriously wary before you proceed.
On its website Yahoo says it will never send you an attachment or request personal information via email.
If you receive an email from what looks like Yahoo asking for any of the above then alarm bells should ring.
Finally, you may also want to review any online accounts that were linked to your Yahoo address, particularly credit card or online banking accounts. If you notice any suspicious activity on any of those accounts report it immediately.
For more information on your Yahoo account visit Yahoo’s help page.