Yahoo breach – Round 3 … Billion!

If you had a Yahoo!, BT or Sky e-mail account (also AT&T, and Rogers) back in 2013, you are definitely part of the latest and greatest Yahoo breach. It’s a record that will be hard to beat: they have now confirmed that all 3 BILLION Yahoo!-based customers had their account information stolen. They are all being contacted now with information on the compromise.


Subsequent to Yahoo’s acquisition by Verizon, and during integration, the company recently obtained new intelligence and now believes, following an investigation with the assistance of outside forensic experts, that all Yahoo user accounts were affected by the August 2013 theft.

That’s an absolute world record number of accounts to have been compromised. Only Google or Microsoft would have more e-mail accounts than Yahoo!

As I’d indicated at the time of the first Yahoo breach notice, they also provide e-mail services to a number of other internet service providers such as BT and Sky in Ireland and the UK. These accounts will have been compromised too. I provided a number of helpful tips in my second Yahoo! post, when they went and set the previous world record for accounts breached. I’ll include them again here for you.

Two-factor authentication:

This will absolutely improve your on-line account protection by a huge amount, particularly if you use an authenticator app like Google Authenticator. There is even an entire commandment dedicated to it, because it is that good!

Use unique passwords on every site:

Yes, we know it’s difficult to do this, but this is where the bad guys win. If you haven’t received the excellent training available from L2 Cyber Security Solutions, then use a password manager.

Check auto-forwarding settings:

If the evil doers have compromised your e-mail account, they may have done this in a very sneaky fashion: logging on once and setting your account to automatically forward all received e-mail to them. This is a particularly stealthy way for them to spy on you. Go to your account settings now and check if there is any forwarding of mail going on.

Don’t save welcome e-mails or password resets:

When you sign up to services or accounts, you provide your e-mail address and that service or account sends you an “are you the person who just signed up to us” type e-mail, followed by a “welcome to our service” type e-mail. You might also have forgotten your password for such accounts and requested a password reset, which they helpfully send to you in an e-mail.

Well, you really should delete all such e-mails after you have read them, because these will lead the evil doers to these accounts, where they will do another password reset and then compromise that account too. If they don’t know what services you subscribe to, they can’t do anything to them.

Let’s be careful out there.