Last week, Yahoo! announced on their blog that the email accounts for an unspecified number of users had been compromised by hackers. They also echoed a sentiment frequently found on this blog, that “security attacks are unfortunately becoming a more regular occurrence.” Below are some details about the latest Yahoo! cyber attack, as well as several measures you can take to help secure your email account.
Unfortunately, as this hack is still under investigation, the information available is limited. We do know that, at this time, there is no evidence pointing to a vulnerability in Yahoo!’s security processes. Yahoo! has instead suggested that cybercriminals hacked into an unnamed third-party database in order to access a trove of usernames and passwords.
They haven’t released information about which third party this may have been, but anytime you choose to log in to an app or website with your Yahoo! account, that database receives your email address and password. Those who have chosen to connect in this manner in the past may be at higher risk for hacking.
Yahoo! has stated that the hackers appear to have been seeking the names and email addresses from messages recently sent by the accounts that they hacked into. Cybercriminals were likely after this information so that they could send additional emails from the hacked accounts to these unsuspecting victims, with the intent to spread malware or other malicious computer viruses. There is no information from Yahoo! on whether or not the criminals were able to achieve this goal.
With 273 million accounts, Yahoo! Mail is the second-largest email provider in the world (behind Google’s Gmail), and a cyber attack is not something that should be taken lightly. Luckily, Yahoo! appears to be taking appropriate measures to secure affected user accounts. In addition to alerting users via text message and resetting passwords on impacted accounts, Yahoo! has turned on two-factor authentication to allow users to re-secure their accounts—for the time being. The company has also stated that they’ve implemented additional measures to block attacks against their systems.
Yahoo! is taking a number of steps to help impacted users regain secure access to their accounts, but that doesn’t mean you should sit idly by and wait for the next attack to hit. Follow the steps below to help reduce the impact of this attack and avoid becoming a victim in the future:
- Change your password(s). Even if you didn’t receive a notice from Yahoo!, users of the email service should consider updating their passwords. If you use the same password for your email as you do for other accounts (such as social media or banking), it would be wise to change those passwords as well, and take this time to use a different password than you use for your email.
- Notify friends and family. If you are a Yahoo! user who had your account compromised, let friends and family members in your address book know. Alerting them to this will help ensure that they avoid clicking on any infected or suspicious-looking messages that may originate from your email address now or at any point down the road.
- Check your personal email settings. Again, if notified by Yahoo! that your account has been impacted in this attack, check your email settings to be sure that no “forwarding” permissions have been enabled on your account. It’s possible that cybercriminals could have turned on settings that allow them to forward sent or received messages from your account to an alternate address.
- Limit third-party access to your account. I wrote last August about the trouble with allowing third-party access to your social media accounts. The same is true for allowing third-party access to your email. When given the option to “Sign in with Yahoo!” (or any email or social media provider), consider the consequences carefully. Many third-party apps that request this access don’t have the best security processes in place and may allow for your account to be compromised, as in this case with Yahoo!
- Install comprehensive security software. The best thing you can do to protect yourself against the growing rate of cyber attacks is install comprehensive security software on all of your devices. McAfee LiveSafe™ service protects your identity and data on all your PCs, Macs, smartphones and tablets from malware and viruses while blocking spam and dangerous emails.