Good morning.


You may have seen or heard a news article yesterday reporting a hack of more
than 1 billion user accounts at Yahoo.  It appears that the actual
compromise may have occurred in August of 2013, and has just now been
discovered.  You may also remember that Yahoo announced a hack of 500
million accounts in September of this year.


What does this mean to you?  If you have a Yahoo account I would encourage
you to go in today and reset your password, even if you reset it following
the September 2016 compromise.  If you use your Yahoo email address and that
same password as credentials for any other accounts (PayPal, eBay, Facebook,
LinkedIn, etc.) please reset your password at those sites as well.


When managing your accounts for all web based resources review the security
settings around authentications.  If they offer advanced authentication
services you should take advantage of those tools.  Advanced authentication
services would be things like 2-factor authentication which requires you to
provide something you know (the password) along with something you have
(cell phone, token, email address, home phone) to respond to a text, enter a
series of digits, or answer a phone call.  These advanced services are also
often able to monitor the IP address you have historically accessed the
account from and the browser you use.  Any time you access the account from
a different IP or browser you are either asked additional security
questions, prompted for a 2nd factor or simply alerted with an email or text
that your account has been accessed with a different IP address or browser.


If you have any questions about how to reset your Yahoo password, or the
passwords on any other accounts, please reach out to the ITS Service Center
at 402-472-3970 for assistance.  If you have any questions for me regarding
this breach or any other information security topic you can reach me at the
number below or via email.




Michael Rutt, CISSP | Coordinator IT Security | University of Nebraska -
Lincoln | [log in to unmask] <mailto:[log in to unmask]>  | 402-472-0933