Here is a worrying aspect of the Yahoo breach.
Everyone has heard about the personal information related to 500 million Yahoo accounts being stolen from Yahoo in 2014. There’s lots of helpful tips out there (and some here too), but some people may not realise that they have a Yahoo account.
Yahoo provides e-mail services to some big internet service providers (ISPs), over in the US AT&T, Rogers and Frontier.com. Over on this side of the Atlantic Sky and BT are large ISPs operating in Ireland and the UK. Their e-mail services are powered by Yahoo.
There are reports that Sky and BT are contacting their customers, so that at least should hopefully highlight to those people that, yes, you do have a Yahoo account too, it’s just by a different name.
Helpful tip #1
A large amount of the Yahoo accounts will no doubt be dormant and no longer in use by their owners. I certainly had a Yahoo account quite some time ago, but I never associated it with myself (shock/horror – I lied on the Internet ?) or with any other account. The bad guys are welcome to it, as I know it can’t connect to me.
However if you used the same user name on a Yahoo account (dormant or not) on some other accounts (GMail, Facebook, LinkedIn, Microsoft, etc.) then the Yahoo account details could be tried by the evil doers against these other services.
Of course, you will have used the same password on them all, so that’ll make their life so much easier to ruin yours. ?
So the first tip is to change your Yahoo account password now. You should also change this password on all of the other online accounts that you use it on. However this time you might take the sensible decision and give every account a unique password. You can learn how to do this easily at the Internet Safety Training which L2 Cyber Security Solutions deliver. However if you struggle to come up with the means to do this, then you should invest in a Password Manager. This can do the hard work for you.
Helpful tip #2
On any on-line service that you use, if it has a means to implement, what is called, Two Factor Authentication, then turn it on NOW! I cannot stress how much this improves your security position just by turning this feature on.
I go into in more detail here, but briefly, if you are using Facebook or Dropbox (to name but two, there are dozens that subscribe to this method) you can download the Google Authenticator App onto your smart phone (available on Android and Apple). Then inside in the account security settings of your on-line service, activate the Two Factor Authentication, telling it you use Google Authenticator. It will put up a QR code on screen, which you show to the App and it will then start generating a 6 digit code that changes every 30 seconds.
So now what happens is that if you (or some evil doer) tries to sign on to your account from a different device or location, even if they have your password they will also now need the 6 digit code that is showing up on your Google Authenticator App. Without it, they get nowhere.
If the on-line service does not support Google Authenticator, then they might send you a text message instead. This is not quite as secure as the App, but it is better than nothing.
Helpful tip #3
It wasn’t just user name and passwords that were stolen, but details like date-of-birth, mobile phone number and answers to security questions.
Details like date-of-birth and mobile number are kinda hard to change, but the security questions are another concern. If you have some other on-line accounts that use the same security questions, now would be a good time to go and change these.
A much simpler solution would be to implement Two Factor Authentication, as outlined above.
The internet is a wonderful but dangerous place and there are a lot of bad guys who are making a lot of money from your accounts. So …