1 billion Yahoo accounts have been stolen in the biggest hack ever - here's what you should do
View all Offers
- 55% OFF
Bigbanana Men's Regular Fit Trackpants (3800000002962_Maroon_XXX-Large)₹ 849₹ 1899Buy On
- 77% OFF
Yash Gallery Women's Plus Size Cotton Geometric Print Anarkali Kurta (Mustard)₹ 679₹ 2999Buy On
- 68% OFF
Qube By Fort Collins Men's Parka Coat (12570Q_Maroon_Large)₹ 899₹ 2725Buy On
- 65% OFF
Qube By Fort Collins Men's Quilted Jacket (12139_Antique_XL)₹ 836₹ 2199Buy On
- 75% OFF
Cloth Theory Girl's Sweatshirt (CTKD_WI_SWHD_GL047) 8 - 9 Y₹ 799₹ 799Buy On
Justin Sullivan/Getty Images
The incident is separate to the breach Yahoo disclosed back in September, which saw at least 500 million accounts compromised.
In other words, Yahoo got hacked twice - badly.
The company isn't providing many details about the breach, because right now, it doesn't know them. "The company has not been able to identify the intrusion associated with this theft," it said in a statement.
The company has emailed its users informing them of the breach - and if you're affected you're probably asking yourself what you can do now.
There are two answers: Protect your logins on other services, and delete your account.
1. Protecting your logins
It can't be said enough: You should use a strong, unique password for every website or service you have an account on. This means if any one service gets hacked, then your other accounts won't be compromised too.
Hackers will often trawl through user databases stolen in hacks, and try the stolen login details on other sites. This means if use a site that got hacked, and they got hold of your password, then you can be re-victimised over and over and over again.
David Ramos/Getty Images
So if you re-used the same password you used for your Yahoo account anywhere else, you should go ahead and change those accounts. Now.
Of course, passwords - especially strong ones - are a pain to remember. And that's why security experts recommend you use a password manager app to store them. An app like LastPass or Dashlane will store all your passwords, so you only have to remember one - the one to access the app.
Also: If it's available, activate two-factor authentication (2FA). It creates a second barrier to entry by sending a unique code to your phone, so even if an account's password is compromised, the attacker still can't get in unless they also have access to your phone (although there are some devious ways hackers try to get around it). It is available on Google, Facebook, Twitter, and most other major web services.
On a long enough timeframe, everyone gets hacked. But by having unique passwords and 2FA, you can limit the damage.
2. Delete your account
Do you own a Flickr page you never use? A Tumblr you haven't checked since 2014? A Yahoo Mail account you haven't sent an email from in over a decade? It might be time to pull the plug, permanently.
First of all, back up your data! You don't want to lose old emails and photos. Luckily, Yahoo has put together an easy-to-follow walkthrough on how to do that here. (Important note: This includes all your Flickr photos.)
Done that? Great. Now head over to the "Delete Your Account" page. It should look like this.
It'll ask you to enter your password, and to do a Captcha, to prove who you are - and just like that, you're done.
Once you confirm you want to delete your account, it'll take about 90 days to process. This is to stop people from maliciously or fraudulently deleting other people's accounts if they gain access - and it means if you get cold feet straight after, it's not too late.
- Amazon Great Republic Sale: Top deals on recliners, sofas and more home furnishing items
- Best fashion and beauty deals during Amazon sale
- Amazon Great Republic Day Sale — Best audio deals on headphones, speakers
- GST on salaries? A new ruling can cause a lot of confusion and litigation
- Nykaa's rival Purplle raises $38 million from Pantaloon’s CEO, Sequoia