As you may have heard, Yahoo confirmed Thursday that at least 500 million user accounts had been affected by a massive breach. Here are some answers to basic questions that you may have about the breach.
What information has been hacked?
Yahoo’s chief information security officer, Bob Lord said in a blog post that account information taken “may have” included names, email address, telephone numbers and dates of birth. Lord also said that password information – though not passwords in plain text – may have been stolen, as well as some answers to security questions.
How about financial information?
Yahoo is still investigating, but thus far Lord said financial information, including credit card numbers and payment card data, were not accessed; that information is stored in a separate system.
Still, users should check their credit scores to see if any new accounts have been opened in their name, as this type of personal information can be used as a key to get enough information to open an account.
How do I know if I’ve been affected?
Yahoo will be contacting potentially affected users by email.
Also, beware of scam emails that may reference the Yahoo breach to try and pull more information out of you, by asking you to “verify” information.
What should I do on my Yahoo account?
Users will be asked to change their passwords. Any unencrypted security questions and answers will be invalidated, meaning that users will have to submit new ones. Yahoo is also asking anyone who hasn’t changed their password since 2014 to do so for good measure.
Does Yahoo have a place where I can find all this information?
The company has also set up a frequently asked questions page for anyone who may have been affected by the breach.
Is there anything else I should do?
Yes. Paul Stephens, of the Privacy Rights Clearinghouse, advised that Yahoo users think about the repercussions this may have on their non-Yahoo accounts as well. Any password, username or security question that you’ve used on your Yahoo account may now be in the hands of hackers, who are likely going to try and use that information on other sites.