The individual account information hacked from Yahoo includes encrypted passwords, so cyber-criminals may not necessarily be able to access emails – but the level of encryption is not clear.
Paul Dwyer, chief executive of Cyber Risk International, an internet security company, said anyone who has a Yahoo account should follow a series of basic steps to ensure they are safe.
1) Identify what type of account you might have had. Yahoo has owned numerous internet services over the years (eg Flickr).
2) Scan your devices for any malware that may have been installed to record newly set passwords, which would allow unauthorised access.
3) As soon as this is done, account holders should securely change their passwords. The new password should be a difficult-to-break, lengthy combination of letters, numbers and symbols if possible, of about 10-15 characters.
This is to combat so-called “dictionary attacks” where hackers run programs that apply every word in a dictionary to various accounts to try and break in. In many cases, if this doesn’t work, they will simply move on to the next account.
Answers to personal security questions such as school or pet names can also be easily worked out by simply looking at other online sources like Facebook or LinkedIn accounts.
4) Monitor email activity to look for any strange patterns or mail.
5) Upgrade to two-factor authentication. Now the new norm, it requires account users to have not just a password but an additional piece of information, like a randomly generated code, to allow access to accounts. This provides an additional layer of security.
Once these measures are taken, users can be reasonably assured they are secure. “People just need to be cautious,” explains Mr Dwyer. “I think they will have more or less mitigated the risks if they follow these steps.”