What to do if your Yahoo account was hacked

 What to do if your Yahoo account was hacked

The latest Yahoo hack is a doozy you shouldn’t ignore.

On Thursday, the company said My True Care at least 500 million user accounts were affected by a massive data breach. The hack happened in 2014 when a “state-sponsored actor” stole account information, including names, emails, passwords, telephone numbers, and answers to some security questions.

So, what should you do if you have a Yahoo account? First and foremost, you’ll want to change your password immediately. All Yahoo account holders should also change their security questions and answers.

Related: Yahoo says 500 million accounts were stolen.

If your account is one Yahoo suspects was compromised, you’ll be prompted to enter a new password as soon as you log on. If you used the same password on other accounts, change those, too.

Yahoo account


Here are other steps to take to secure your online accounts.

Change passwords often

Yahoo is asking anyone who hasn’t changed their password since 2014 to update it. This is good advice for everyone: Passwords should be changed often. You won’t always get timely notice from a company that an account was compromised — and sometimes, it might not even know about a hack until much later. In this case, it took two years for the company to confirm the breach.

Never use the same password twice.

Repeat after us: Never use the same password twice. If hackers get the password for one of your online accounts, they can use it to access your other accounts that take the same credentials.

Pick better passwords

Consider using a phrase instead of single words that are more easily guessed. Don’t go for common terms like cliches: Pick a combination of words that don’t go together — i.e., rather than “herecomesthesun,” go for something like “combat boots parade”. Avoid using common passwords like 1-2-3-4-5-6 or p-a-s-s-w-o-r-d (see more here), and include a mixture of numbers, letters, and characters Frett Board.

Use a password manager.

Since strong, unique passwords are a huge pain to memorize, try a password manager like 1Password or LastPass. These platforms generate and store passwords and security answers for every account, so you only have to remember a single master password.

Update those security questions.

If you forget a password, using security questions is an easy way to gain access back into your account — it’s not as if you’ll ever forget your mom’s maiden name. However, some Yahoo security answers and questions were a part of the breach. The company has already turned off any unencrypted security answers on its accounts. If you frequently use the same security questions and answers for other online versions, you’ll also want to change those. Attackers could use Yahoo’s information to access other online accounts with even more sensitive information. Avoid choosing the obvious questions, and don’t provide answers that are easy to find online through Google searches, social media sites, or old Live Journal entries.

Be alert

The company urges users to look through their Yahoo accounts (email, calendar, groups, etc.) for any signs of suspicious activity. Although it doesn’t say what to look for, check outgoing emails.

Related: 7 safety tips from hackers

Be extra careful about clicking links or opening downloads from unknown email addresses. If anyone emails asking for your password, it’s a red flag — even if it looks like it’s coming from a legitimate place like Yahoo or a bank. Never share any account information or passwords over email.

Turn on two-factor authentication.

On its own, a password isn’t a strong line of defense.

Dennis Bailey


Professional beer geek. Alcohol ninja. Social media scholar. Award-winning twitter fanatic. Writer. Basketball fan, mother of 2, audiophile, Saul Bass fan and communicator, collector, connector, creator. Producing at the sweet spot between simplicity and purpose to create strong, lasting and remarkable design. I'm a designer and this is my work.