That means the personal data of Yahoo account holders – including names, email addresses, telephone numbers, dates of birth, hashed passwords and, in some cases, encrypted or unencrypted security questions and answers – is now known to a third party, and likely being used for nefarious purposes.
So what should you do now?
Change your password(s) now
Normally I’m not an advocate for fear-mongering, but now is a good time to assume you are among the billion accounts that has been hacked. Change your password, and do it now. Yahoo is basically forcing you to anyway, as part of its own security measures.
Pick a good password. Make it a phrase, mix up the capital letters, throw some numbers in, an exclamation mark, anything hard to guess but easy to remember.Check the strength of your password. Don’t use 123456. Don’t be that guy.
And don’t just change your Yahoo password. Change them for everything. That’s what’s really at risk here – every other account you have online. Use a password manager to keep track of them all.
Any unencrypted security questions and answers have been invalidated by Yahoo as well, so you’ll need to re-set those too.
Use two-factor authentication on everything you can
Unless you’ve got two-factor authentication enabled, anyone with your password can get into your account. If you’re using the same password across multiple accounts, you’re in even more trouble.
As you sign into everything you use online today, check for two-factor authentication options. Enable them, and bam – instantly feel a bit safer.
Be super cautious of strange emails
Strap on your tinfoil hat, and be ultra vigilant of anything that hits your inbox – phishing scams will be on their way, trying to fill the blanks in any information the hackers have already gained. These emails are getting pretty sophisticated, so make sure you don’t click on links, download attachments or give anyone your personal information.