1 billion Yahoo accounts have been stolen in the biggest hack ever - here's what you should do
Justin Sullivan/Getty Images
The incident is separate to the breach Yahoo disclosed back in September, which saw at least 500 million accounts compromised.
In other words, Yahoo got hacked twice - badly.
The company isn't providing many details about the breach, because right now, it doesn't know them. "The company has not been able to identify the intrusion associated with this theft," it said in a statement.
The company has emailed its users informing them of the breach - and if you're affected you're probably asking yourself what you can do now.
There are two answers: Protect your logins on other services, and delete your account.
1. Protecting your logins
It can't be said enough: You should use a strong, unique password for every website or service you have an account on. This means if any one service gets hacked, then your other accounts won't be compromised too.
Hackers will often trawl through user databases stolen in hacks, and try the stolen login details on other sites. This means if use a site that got hacked, and they got hold of your password, then you can be re-victimised over and over and over again.
David Ramos/Getty Images
So if you re-used the same password you used for your Yahoo account anywhere else, you should go ahead and change those accounts. Now.
Of course, passwords - especially strong ones - are a pain to remember. And that's why security experts recommend you use a password manager app to store them. An app like LastPass or Dashlane will store all your passwords, so you only have to remember one - the one to access the app.
Also: If it's available, activate two-factor authentication (2FA). It creates a second barrier to entry by sending a unique code to your phone, so even if an account's password is compromised, the attacker still can't get in unless they also have access to your phone (although there are some devious ways hackers try to get around it). It is available on Google, Facebook, Twitter, and most other major web services.
On a long enough timeframe, everyone gets hacked. But by having unique passwords and 2FA, you can limit the damage.
Nowhere in this @Yahoo email: "We're sorry" pic.twitter.com/wQXQApQAjJ
- Jonathan Ellis (@jonathanellis) December 14, 2016
2. Delete your account
Do you own a Flickr page you never use? A Tumblr you haven't checked since 2014? A Yahoo Mail account you haven't sent an email from in over a decade? It might be time to pull the plug, permanently.
First of all, back up your data! You don't want to lose old emails and photos. Luckily, Yahoo has put together an easy-to-follow walkthrough on how to do that here. (Important note: This includes all your Flickr photos.)
Done that? Great. Now head over to the "Delete Your Account" page. It should look like this.
Yahoo/BI
It'll ask you to enter your password, and to do a Captcha, to prove who you are - and just like that, you're done.
Once you confirm you want to delete your account, it'll take about 90 days to process. This is to stop people from maliciously or fraudulently deleting other people's accounts if they gain access - and it means if you get cold feet straight after, it's not too late.
- Global stocks rally even as Sensex, Nifty fall sharply on Friday
- In second consecutive week of decline, forex kitty drops $2.28 bn to $640.33 bn
- SBI Life Q4 profit rises 4% to ₹811 crore
- IMD predicts severe heatwave conditions over East, South Peninsular India for next five days
- COVID lockdown-related school disruptions will continue to worsen students’ exam results into the 2030s: study