yahoo-hackBreaking news this evening of another hack on Yahoo with a staggering 1 billion accounts affected. The details of this hack are still coming out but it appears that account details have been published online.

Our advice is:

  1. If you have a Yahoo account, change your password immediately (not tomorrow, or in an hour. do it now) using a strong password (no dictionary words, no names, use of special characters, capitals and non-capitals). This will not prevent accounts future hacks but it will change the known data that has been published.
  2. Do not use Free email services for business use. Contact us for secure hosted services.
  3. If you have any sensitive data held in your yahoo accounts such as banking details, emails containing passwords to other critical web services, personal details such as actual address, name, date of birth, ensure you monitor this story closely. If it is believed that any information held on accounts has been breached proceed very carefully.
  4. Consider closing your Yahoo account altogether, removing all information held on that account before closing.

We are sure that more will come out about this event in the coming hours and days.

Update:- It appears that this is an old hack from 2013, with data from that hack being released in the past few hours forcing Yahoo to admit that this did indeed happen. This raises the question as to when Yahoo first knew about this hack and why they were not open about this when they knew, the bottom line is share price over security.

Update 2:- Given that anyone could potentially have had access to email accounts for the last three years, it is very possible that those people are affected much more than a simple account breach on their email account. The hackers will know where you shop. How many peoples Amazon account password is the same as their Yahoo one? They will know when your birthday is from friends wishing you happy birthday, they will know where you live as you will have order confirmations, they easily have enough data for identity fraud. What the statement from Yahoo is correct in that ‘No Bank or Card details’ have been stolen in the hack, this is directly from Yahoo. This is again a company spinning to protect share price. It is clear to us that the extent of the damage could very well extend far and wide.