Yahoo has been hacked ! The news is now in all the world's newspapers not only because Yahoo remains (still for a while if it continues like this) one of the largest and most important web companies, but above all for the size of this hack which, as confirmed by Yahoo itself, concerns 500 million stolen accounts. (which is an absolute record in history).
Today, those who open Yahoo Mail, can also find a message on the screen that warns about "a security problem" of the account and the invitation to click a link that leads to a page in English that explains in detail what happened and the possible consequences.
For those who still do not know, at the end of 2014, hackers stolen, helped and pushed by the authorities of an unspecified state (it is called State actors ), information on Yahoo Mail user accounts.
The information, on sale in the Dark Web at the price of 3 Bitcoins (which are worth 1800 Dollars), includes Email addresses, names of telephone numbers, dates of birth, password hashes (bcrypt decryption method) and also, and this is very serious, the security questions and answers used to recover passwords.
What does this hack in Yahoo mean to us "> what was your teacher in elementary school?".
The question of security is an old practice that is always underestimated by users and that, on balance, always leaves a sensational flaw open for every account that uses it.
It goes without saying that, regardless of any verification, anyone who uses Yahoo Mail (or any other Yahoo service such as Flickr), must now open the page of his personal account, immediately change the password and disable the possibility of recovery through a security question .
Then open Yahoo Mail, click on the gear icon at the top right and go to Account Info to access the security page where you can change your password and deactivate the application.
In addition, if it hasn't been done before, also activate the two-step verification so that every time you log in from a new computer or phone you will also be asked for a variable code to be received via SMS.
The second problem, the most serious and which I had already explained in the past in an article on how to steal account passwords, is that, if in the lists now widespread online, Email addresses and passwords are associated, for other hackers it will be a game to be guys go to try those passwords in other web accounts where that Email was used for registration.
Therefore, if the same Yahoo Mail password has been used for other web accounts, then these are also in danger and must be immediately secured by changing the password.
This time, before doing so, read the guide on how to change passwords securely and, above all, avoid using the same password for all web accounts.
After changing the passwords correctly, you can check if the Email address is in the list of stolen accounts thanks to sites like breachalarm.com or haveibeenpwned.com that organize the various lists put in circulation by hackers and allow you to search fast.
I don't think these sites have already updated their database with the stolen 500 million Yahoo accounts at the moment, but it's still a good thing to check it today.
Finally there is the third cause for concern, which is the worst of all.
If names, surnames, emails, telephone numbers, etc. were really released, even if our Yahoo account had not been hacked and was secured, any cybercriminal can now create a fake profile with our personal data and easily steal our identity .
Yahoo also proved to be an unreliable company given the delay with which it confirmed the hack, which was already being talked about at the end of June.
I am very sorry that such a historic brand for the web is ending up so low, poorly managed and now uncontrolled, that it remains indignant.
If you want to delete the Yahoo account forever because it is no longer in use, then you can open this page, enter the password and confirm the cancellation.
