Home | WebMail | Register or Login

      Calgary | Regions | Local Traffic Report | Advertise on Action News | Contact

Science

How to protect yourself after the Yahoo email hack, whether you use Yahoo or not

If you have a Yahoo email address, or ever had one in the past, you could be affected by a massive hack of half a billion accounts. Here's what you can do to protect yourself.

Every online service is vulnerable, so it's best to be proactive about cybersecurity

Whether you use Yahoo Mail or any other online service, you're at risk of having your account hacked. (Shutterstock)

Yahoo's bombshell revelation that some 500 million of its email accounts have been compromised by a state-sponsored hack shows that no online service no matter how big is safe from attacks.

If you've had aYahoo email address since 2014, or if you have an old one you haven't used in a while,you could be affected by the recent breach.But even if you're living Yahoo-free,you're stillat risk from similar attacks on online accounts.

"The trends of the past few years show us that the bad guys are certainly able to penetrate sophisticated, well-equipped enterprises," MarkMcArdle, chief technology officer at the Cambridge, Ont-basedcybersecurityfirmeSentire, said. "Just because you have a large, Fortune 500 logo does not mean that you are somehow immune from these types of breaches."

Here's what you need to do to protect yourself.

Find out if you were hacked

According toCNET, Yahoo has one billion active monthly users on its services, and225 million monthly active users forYahoo Mail.So there's a chance that even if you don't use Yahoo as your primary email, you have an account lying dormant somewhere.

So whether Yahoo isyour mainemail,a backup or somethingyou signed up for to get access to another Yahoo service, check your Yahoo Mail accountright now, because that's how the company is notifying users they've been targeted.

What's more, your email doesn't have to end in @yahoo.com to have been a target.In Canada, for example, people with email service through Rogers Communicationscould be affected, as Rogers emails are powered byYahoo.

Neither Yahoo nor Rogers would give a breakdown of how many Rogers customers were hit by the hack, but Rogers says no account or credit card numbers were compromised.

"We take our customers' privacy seriously and are in contact with Yahoo as they continue their investigation and determine next steps" Rogers said.

Change your password

Yahoo also is recommending that all users change their passwords if they haven't done so since 2014.

The stolen passwords were encrypted, but a dedicated hacker can get through that especially if you usesomething weak like "passw0rd" or "12345."

If you use your Yahoo password on other sites,change those too and make themdifferent from your new Yahoo password.

While you're at it, change up your security questions. Yahoo says the questions and the answers were compromised in the breach. If you tend to use the same security questions across multiple sites, change them everywhere.

Changeallpasswords regularly

In fact, whether you have a Yahoo account or not, it's a good idea to switch up your passwords regularly.

And no matter how convenient it may be,do notrecycle your passwords. You're just making it easier for hackers to do widespread damage.

"Not using the same password in multipleplaces is just good hygienic internet practice," McArdle said.

Obviously, managing dozens ofpasswords or more can beunwieldy. That's whyMcArdlerecommends installing password manager software like1PasswordorLastPass.

These generate strong passwords for all your accounts and store them securely, so you only have to remember one, albeit complicated, master password.

Enable 2-step verification

If the service you're using has two-step verification and Yahoo does turn it on.

This adds a second method of authenticating your identify after you type in a password,usually by sending you a code through a text message or an app.

"For a hacker, having a username and a password isallyou really need when there's no two-factor authentication," McArdle said."Everyone should be switchingtwo-factorauthenticationwhereverit's available."

And if you're using a service that doesn't offer two-step, McArdle saysyou should demand it.

Beware ofgrifters

The Yahoo hack has a lot of people talking and panicking, and cybercriminalswill use that against you.

"Wheneverthere has beena big event in the mediaa hacker has tried to take advantage of that and use eitherthe excitement or the concern around those events to trick users," McArdle said.

Be on the lookout for fake emailspurporting to be from Yahoo or another servicewarning you about security problems and asking for your information.

"Be suspicious of any links you see,"McArdle said."The bad guys are really on to this trick."

With files from The Associated Press