Last night, Yahoo announced that yet another data breach has happened involving more than one billion of its user accounts.
As breaches seem to be happening more and more these days we can be forgiven for allowing data breach news to fall on deaf ears but we need to get this in perspective …
This data breach supposedly happened in 2013 and according to Internet Live Stats, the internet users worldwide amounted to just over 2.7 billion. Yahoo states that over one billion user accounts were compromised, that’s over a third of the total internet users at the time.
For perspective, just imagine as you’re walking down the street every third person you see has had their details stolen and are now accessible on the internet.
So what can you do about the breach? NOTHING! Sorry, but it’s true, there is nothing you can do about that particular data breach but you can try and limit any further damage as a result of your data going missing.
Whenever headlines like this make the news normally the first thing you read is “change your passwords”. It’s becoming the “go to” statement but it’s a very valid point and one that should be your default first move for any account that’s involved in a data breach.
”WHEN YOUR DATA IS STOLEN, PURCHASED, HACKED OR TRADED, YOUR DETAILS MAY BE USED TO GAIN ACCESS TO OTHER ACCOUNTS OR LOGINS.”
When your data is stolen, purchased, hacked or traded, your details may be used to gain access to other accounts or logins. Changing those compromised passwords and any other account that may be using the same passwords could limit access for the cybercriminals.
You also need to think about any secret questions and answers that were used, if you’re not already. Be overcautious about emails or communications arriving out of the blue, especially any that require you to validate details or hand over further information (and always take a few minutes to make separate enquiries before giving up more private data).
Now might also be a good time to get a password manager, if you’re not already doing this. There are many options – both free and paid for – that allow you to generate unique passwords for every site you visit, as well as store all your existing ones and evaluate your current passwords to see how they good they are.
Lastly, consider two-factor or two-step verification for accounts that allow it. A really good site to see if your service uses or allows 2FA is Two Factor Auth, which offers you an extra level of protection above your username and password. It’s very easy to use and will stop others accessing your details without your permission.
by Mark James, ESET