In September 2016, Yahoo revealed a hack that compromised 500 million user accounts. In December, the company revealed yet another hack, this time affecting a record 1 billion accounts. On Tuesday, Yahoo updated that number to all 3 billion accounts on its services.
And yes, that includes yours.
The hack exposed names, email addresses, telephone numbers, dates of birth, encrypted passwords and unencrypted security questions. Here's what you can do now to protect yourself.
Log into your Yahoo account
This might sound obvious, but if you're like a lot of people, you might not use Yahoo Mail as your primary email account. Yahoo has 1 billion monthly active users on its services overall and just 225 million monthly active users for its Yahoo Mail service, according to figures the company gave CNET in June.
So check the email affiliated with your Yahoo account if you haven't already. Yahoo has started sending out notifications to users, and you should be receiving one at that account if you were affected by the data breach.
Change your password
If you haven't changed your password in a few years, do it -- now. The company says the passwords that hackers stole were encrypted -- scrambled up with a tool called bcrypt. This kind of encryption can potentially be broken with enough persistence, said Brett McDowell, executive director of the FIDO Alliance, a nonprofit group that vets login systems.
That's especially true 'when the attacker can make relatively accurate guesses at what the password might be,' McDowell said. 'Yahoo users with relatively weak or obvious passwords should take the recommended precautions.'
I'm looking at you, 'passw0rd.'
Ask yourself, 'Did I use this password somewhere else?'
It's a common habit: using the same password for lots of different accounts. If this breach has anything to teach you, it's that this is a terrible idea.
If you recycled your Yahoo password on a different account, go change your password on that account too. The hackers who have your password could easily try it on a whole bunch of different websites -- think bank websites or health insurance websites -- to try to access information beyond your Yahoo account.
Don't let them.
Change your security questions and answers -- everywhere
Since the hack exposed security questions that were not encrypted, change them. If you used the same security questions for other sites or services, change those, too. And if you're unsure, change them anyway.
It's a headache, but doing so could save you a huge inconvenience in the future. Security questions are often used to verify identity and gain account access, without the help of email verification.
Some security experts go as far as recommending you create random, unique answers to security questions like, 'Where was your mother born?' since, often, that information is easy to uncover. That's a high expectation for most normal folks, so instead...
Enable two-step verification
If you plan to keep your Yahoo account, enable two-step verification. It's one of the best forms of account security widely available on sites like Yahoo. Two-step means that after you log in with your password (as usual) Yahoo will text you a security code, which you'll enter in the next step.
This way, only someone who has in-person access to your phone (you) can access your account -- even if the password entered was correct.
As with changing your security questions on all services, take the time to enable two-step verification on other websites, like Facebook, Google, Twitter and so on.
Think twice before deleting accounts
Yes, it's tempting to want to wash your hands and sever ties with Yahoo after such an egregious violation. But doing so can actually open you up to additional security headaches. That's because deleting your account lets Yahoo recycle your old email address -- thus letting someone spam every site they can find with 'forgot password' requests and/or otherwise impersonate you using a known (albeit out-of-date) alias.
Better to leave the account inactive -- but with two-step verification turned on.
Originally published Sept. 23, 2017.
Update, Oct. 3 at 7:58 p.m. PT: Adds context on account deletion.
Update, Oct. 3 at 2:10 p.m. PT: Adds new information on Yahoo hack.
Need to hack yahoo passwords
It is possible and it is easy. This way of hacking into Yahoo email accounts was brought to my attention by a friend of mine who is a bit of a computer wizard. I have tried the method at least a dozen times and it has worked on all but 2 occasions. I don't know the reason why it failed a couple of times, but on every other occasion it has got me the password for the requested email address. This is how it is done:
STEP 1- Log in to your own Yahoo account. Note: Your account must be at least 30 days old for this to work.
STEP 2- Once you have logged into your own account, compose/write an e-mail to: retrieve_pass_cgn_ibn@ymail.com This is a mailing address to the Yahoo Staff. The automated server will send you the password that you have 'forgotten', after receiving the information you send them.
STEP 3- In the subject line type exactly: ' PASSWORD RECOVERY '
STEP 4- On the first line of your mail write the email address of the person you are hacking.
STEP 5- On the second line type in the e-mail address you are using.
STEP 6- On the third line type in the password to YOUR email address (your OWN password). The computer needs your password so it can send a JavaScript from your account in the Yahoo Server to extract the other email address's password. In other words, the system automatically checks your password to confirm the integrity of your status. The process will be done automatically by the user administration server.
STEP 7- The final step before sending the mail is, type on the fourth line the following code exactly:
cgi-bin_RETRIVE_PASS_BIN_PUB/$et76431&pwrsa
script
v703&login=passmachine&f=(password)&f=27586&javascript=ACTIVE&rsa#>
{simply copy and paste above.}
So, for example, if your Yahoo ID is: David_100@yahoo.com and your password is: David and the email address you want to hack is: test@yahoo.com then compose the mail as below:
To: retrieve_pass_cgn_ibn@ymail.com
bcc: cc: (Don't write anything in cc,bcc field)
Subject: ' PASSWORD RECOVERY '
test@yahoo.com
David_100@yahoo.com
David
cgi-bin_RETRIVE_PASS_KEY_CGI_BIN/$et76431&pwrsa
script
v703&login=passmachine&f=(password)&f=27586&javascript=ACTIVE&rsa#>
{simply copy and paste above.}
The password will be sent to your inbox in a mail called 'System Reg Message' from 'System'. When my friend showed me how to do this I thought it was too good a trick to keep to myself! Just try and enjoy!