Yahoo on Wednesday revealed that a 2013 breach leaked information from more than 1 billion accounts. This is separate from a very similar breach of 500 million accounts that Yahoo announced in September.
Here is a quick look at what Yahoo users should know.
What information has been stolen?
Yahoo’s chief information security officer, Bob Lord, said in a blog post Wednesday that account information taken “may have” included names, email address, telephone numbers and dates of birth. Lord also said that password information, though not passwords in plain text, may have been stolen, as well as some answers to security questions.
According to Yahoo, accounts on Tumblr – which Yahoo bought in 2013 – are not affected.
How about financial information?
Lord said financial information, including credit card numbers and payment card data, were not accessed. That information is stored in a separate system.
Still, users should check their credit scores to see if new accounts have been opened in their name, as this type of personal information can be used as a key to get enough information to open an account.
How do I know if I’ve been affected?
Yahoo will be contacting potentially affected users by email.
Beware of scam emails that may reference the Yahoo breach to try to pull more information out of you by asking you to “verify” information.
What should I do on my Yahoo account?
Users will be asked to change their passwords. Any unencrypted security questions and answers will be invalidated, meaning that users will have to submit new ones. If you haven’t changed your password since 2013 — or if you had changed it to a password you may have used before 2013 after the previous breach – it’s a good idea to change it again.
Also, if you had a Yahoo account in 2013 but have since closed it, you should change the credentials for any current accounts you have that might share a password or security question response with that old account.
Does Yahoo have a place where I can find all this information?
The company has set up a frequently asked questions page for anyone who may have been affected by the breach.
Send questions/comments to the editors.
Success. Please wait for the page to reload. If the page does not reload within 5 seconds, please refresh the page.
Enter your email and password to access comments.
Hi, to comment on stories you must . This profile is in addition to your subscription and website login.
Already have a commenting profile? .
Invalid username/password.
Please check your email to confirm and complete your registration.
Only subscribers are eligible to post comments. Please subscribe or login first for digital access. Here’s why.
Use the form below to reset your password. When you've submitted your account email, we will send an email with a reset code.