Second major Yahoo breach reinforces need for care in using online services

Priority Level: Moderate
15 December 2016

You are reminded to be careful and remain vigilant when providing personal information to online services following a statement from Yahoo that it believed an 'unauthorised third party' had stolen user account data in August 2013.

Up to 1 billion Yahoo accounts may be affected, according to the statement, which has been reported by a number of media outlets. Yahoo says it believes the breach is distinct from a previously reported attack that saw personal information associated with up to 500 million Yahoo accounts stolen in late 2014.

Yahoo says the newly disclosed breach may have compromised account information such as names, email addresses, telephone numbers, dates of birth, passwords that had been hashed (converted to random-looking strings of characters that are hard to unscramble) and, in some cases, encrypted or unencrypted security questions and answers.

However, the provider says the stolen information does not include passwords in clear text, payment card data or bank account information. 'Payment card data and bank account information are not stored in the system the company believes was affected,' Yahoo says.

Yahoo adds that it has notified potentially affected users and taken steps to secure their accounts, including requiring them to change their passwords. The business says it has cancelled unencrypted security questions and answers so they cannot be used to access an account.

Staying safe

Stay Smart Online recommends that you carefully consider the consequences of disclosing personal information, such as your name, address and credit card details, to any website. You should read websites' terms and conditions as well as their privacy policies and consider the potential risks before submitting your data. These risks could include potentially embarrassing public disclosure, financial loss or identity theft.

With regard to the breach reported today, Yahoo says its users can protect their accounts by:

  • Changing their passwords and security questions and answers for any other accounts on which they use the same or similar information used for their Yahoo account;
  • Reviewing all accounts for suspicious activity;
  • Being cautious of any unsolicited communications that ask for personal information or refer them to a web page asking for personal information; and
  • Avoiding clicking on links or downloading attachments from suspicious emails.

The company also says users should consider using its Yahoo Account Key authentication tool that eliminates the need to use a password on Yahoo.

More information

Stay Smart Online's My Guide provides tips and techniques for you to stay secure when working, socialising or just browsing online.

The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.