The Yahoo Email Hack You Need to Know About

Yahoo! seems to constantly coming up in the news, and not in a good way. But the latest Yahoo email hack is different, and what you don’t know could hurt you.

Hackers Get Behind Yahoo Security, Not Through It

Yahoo has had its share of security hacks. Customer passwords have been compromised, and personal information has gone public. But late in 2016, hackers did something different. They used the source code of the Yahoo database itself. Using “forged cookies” they tricked the program into thinking they were already logged in as legitimate users and then stole information from their accounts including:

• Usernames
  
• Passwords
  
• Security questions answers
  
• Personal details like birthdays
  

That’s a big deal because many Internet users use the same or similar usernames, passwords, and security questions across platforms. So if hackers got a hold of the details for JoeSmith@yahoo.com, it may be easy for them to guess the password and personal security answers for JoeSmith@gmail.com or hotmail.com. Even people whose Yahoo account has been dormant for years could easily become the victims of identity theft through this scheme.

Yahoo Keeps Consumers In the Dark

Email hosting services like Google and Yahoo are constantly fighting to improve their cybersecurity. Keeping your information private is an important part of their jobs. So when a hack causes a breach in security, it is essential that the companies notify their customers right away. Yahoo has known about this hack since at least September 30, 2016. It was disclosed in the company’s quarterly report to the Securities and Exchange Commission (SEC), and was the topic of a press release in December. But email notifications didn’t go out to consumers until February 2017. The delay is concerning to consumer protection advocates, because it left consumers’ confidential information vulnerable when they did not know they needed to protect it.

What Consumers Can Do To Protect Their Privacy

Chris Boyd of the company Malwarebytes says:

"It's essential all Yahoo users roll up their sleeves and continue to use secure passwords and enable two-step verification. While this clearly won't save them in all circumstances, it is still certainly better than nothing."

If you have ever had a Yahoo account, now is the time to:

• Delete idle email accounts
  
• Strengthen your passwords by adding capitalization, numbers, and symbols
  
• Use different passwords for different sites
  
• Consider a pass phrase or abbreviation that is hard to guess but easy to remember
  
• Use a password manager
  
• Enable 2-step authentication to push login notifications to your phone or backup email.
  

Internet security threats aren’t going away. But consumers can take matters into their own hands and protect themselves, even when companies like Yahoo are slow to act.

Dani K. Liblang is a consumer protection attorney at The Liblang Law Firm, PC, in Birmingham, Michigan. If you have been the victim of identity theft, contact the Liblang Law Firm, PC, for a free consultation.