Washington, D.C. – Yahoo! Inc. just announced a massive data breach that affects some 500 million email accounts. According to the company, account information was stolen from the company’s network in late 2014.
“Major data breaches remind us that we must do our part and be vigilant in protecting our personal online information,” said Michael Kaiser, executive director of the National Cyber Security Alliance (NCSA). “An easy first step for everyone to better secure all email, social media and financial accounts, is to make use of available security tools such as multi-factor and strong authentication that provide an additional layer of protection. Email accounts in particular are extremely important to protect as once breached, hackers can use them to reset passwords and break into other accounts, steal identities, target contacts and put an individual’s data and reputation at risk.”
NCSA urges all Yahoo users to not wait and see if their account was compromised and to take action now to secure their accounts. The good news is that Yahoo has a free two-factor authentication service for its users. As detailed on the company’s website, it’s easy and takes a few simple steps to turn on.
With National Cyber Security Awareness Month just a few days away, it is a good time to encourage everyone to take the following proactive steps to protect their online information, remembering that securing the internet is our shared responsibility.
All internet users should follow this basic advice to stay safer and more secure online, including the following:
- Get two steps ahead and protect core accounts – such as email, financial services and social networks – with multi-factor authentication. Multi-factor authentication requires a second step, such as a text message to a phone or the swipe of a finger, to be used in addition to a password to log on to an account.
- Make better passwords. If passwords are the only option, change and make them better. Length and ability to remember passwords are the two most important factors. A phrase of multiple words you can remember makes a good password. Important accounts should have unique passwords not used to access any other accounts.
- Clean and keep all machines clean. Immediately update all software on every internet-connected device. All critical software – including PCs and mobile operating systems, security software and other frequently used software and apps – should be running the most current versions. Delete all unused apps.
- Monitor activity on your financial and credit card accounts. If appropriate, implement a fraud alert or credit freeze with one of the three credit bureaus (this is free and may be included if credit monitoring is provided post breach). For more information, visit the Federal Trade Commission website identitytheft.gov.
- When in doubt, throw it out. Scammers and others have been known to use data breaches and other incidents to send out emails and posts related to the incident to lure people into providing their information. Delete any suspicious emails or posts and get information only from legitimate sources.
For more information, including links to sites that offer multi-factor or stronger authentication, visit https://stopthinkconnect.org/campaigns/two-steps-ahead-campaign