You may have seen or heard a news article yesterday reporting a hack of more than 1 billion user accounts at Yahoo. It appears that the actual compromise may have occurred in August of 2013 and has only now been discovered. You may also remember that Yahoo announced a hack of 500 million accounts in September of this year.
What does this mean to you? If you have a Yahoo account, I would encourage you to go in today and reset your password, even if you reset it following the September 2016 compromise. If you use your Yahoo email address and that same password as credentials for any other accounts (PayPal, eBay, Facebook, LinkedIn, etc.), please reset your password at those sites as well.
When managing your accounts for any web-based resources, review the security settings around authentication. If a site offers advanced authentication services, you should take advantage of those tools. Advanced authentication services include things like 2-factor authentication, which requires you to provide something you know (the password) along with something you have (cell phone, token, email address, home phone) by responding to a text, entering a series of digits, or answering a phone call. These advanced services are also often able to monitor the IP address you have historically accessed the account from and the browser you use. Any time you access the account from a different IP address or browser, you are either asked additional security questions, prompted for a second factor, or simply alerted with an email or text that your account has been accessed from a different IP address or browser.
If you have any questions about how to reset your Yahoo password, or the passwords on any other accounts, please reach out to the ITS Service Center at 402-472-3970 for assistance. If you have any questions for me regarding this breach or any other information security topic, you can reach me at the number below or via email.
Michael Rutt, CISSP | Coordinator IT Security | University of Nebraska – Lincoln | [log in to unmask] | 402-472-0933