Yahoo just announced another hack where a whopping billion accounts were hacked. What a Massive Epic Fail.
At this point, Yahoo has fallen down on security in so many ways I have to recommend that if you have an active Yahoo email account, either direct with Yahoo of via a partner like AT&T, get rid of it.
And in case you have employees who check their Yahoo account in lunch breaks… it’s time to put Yahoo on the block list of your firewall and all filtering software & devices.
Hints And Tips For Yahoo Account Owners
- Before you delete the account, get rid of all the folders and only then delete the account and open a gmail account instead.
- Check if you have used your Yahoo password in other sites, and change the password and security questions for those accounts. And remember, never reuse your email password (or any other password tied to an account that holds sensitive data about you) at any other site.
- If you used a mobile phone number in association with your Yahoo! account, and you still use that mobile phone number, then SMS phishing (a.k.a. Smishing) is now a distinct possibility, so be very wary of Smishes.
The forensic investigation is still going on, but it is highly likely that the bad guys initially got in through a spear phishing attack with a spoofed ‘From’ address. These types of attacks are hard to spot and employees tend to fall for them.
Read more about the hack here: Yahoo Hack on Wired.com