The Yahoo! Hack and What To Do Now

Even if you are not one of the 1 Billion affected users, you have decisions to make

Yahoo announced - after the close of the U.S. stock markets - on December, 14th that the company "has identified data security issues concerning certain Yahoo user accounts. Yahoo has taken steps to secure user accounts and is working closely with law enforcement." The statement went on to say that Yahoo "believes an unauthorized third party, in August 2013, stole data associated with more than one billion user accounts." It is believed that the hack may have exposed names, e-mail addresses, telephone numbers, birth dates, and encrypted passwords as well as un-encrypted security questions. You can read the full statement here.

Wait, August 2013? Over a billion user accounts? Um, WHAT?

What may be more bizarre than the announcement itself is the claim that the attackers have developed a method of cookie-forging that "could allow an intruder to access users’ accounts without a password". This is uncharted territory in the realm of cloud-based e-mail exploits and should be taken very seriously by all parties. In case you are wondering, this statement is not connected to the "state-sponsored" attack that was announced in September of this year.

What now?

If you are a Yahoo Mail user, you may consider doing these things to protect yourself:

  • • Expect a wave of phishing scams messages that claim to be from Yahoo
  • • Update your security software and do a complete scan of your computer
  • • Some cookies are good, but until we understand more about cookie-forging consider deleting your browser cookies for good measure
  • • Change your Yahoo password to something complex that you have not used before
  • • Change all of your other online passwords to something other than your new Yahoo password
  • • Change all of your online security questions and answers
  • • Decide what to do with your Yahoo account and data


If you decide to leave Yahoo there are plenty of options. Before you delete your account, you may consider downloading all of your mail data and contacts from their system first. This is a multi-step process that is fairly technical, but we can help if you need it. Also, don't forget about your Yahoo-sponsored Flickr account!

If you are using a my_business_name@yahoo.com e-mail account, this may be a good opportunity to purchase a web domain (such as your_business_name.com) and move to more secure e-mail access. We can also help you make this transition which will not only improve your security (versus Yahoo), but also improve your business presence.

Would you like more tech news more often? Follow us on Facebook!

Comments are closed.