Yahoo says hackers have stolen information from an estimated 500 million users in what appears to be the largest publicly disclosed cyber-breach in history.

The breach included swathes of personal information, including names and emails, as well as “unencrypted security questions and answers”.

The hack took place in 2014 but has only now been made public. The data taken includes names, email addresses, telephone numbers, dates of birth and encrypted passwords, but not credit card data, Yahoo said.

The last biggest known data breach was the hacks from MySpace – which was estimated to have affected 359 million users worldwide.

What To Do

Yahoo have said that ‘[they] are notifying potentially affected users by email and posting additional information to [their] website. Additionally, [they] are asking potentially affected users to promptly change their passwords and adopt alternate means of account verification.’

More information from Yahoo about this breach can be found here.

It is advised that if you currently have, or have previously had, an account with Yahoo that you change your passwords for all accounts as soon as possible. As data such as names, phone numbers and dates of birth have been accessed, it is highly important to change your online banking and email passwords as a top priority.

Advice on the best ways to generate new passwords can be found in this Safe In Warwickshire article. Password managers generate and remember new passwords for you without the hassle – Wired has an article offering advice on which ones may be best for you to use.

It is also important to remain vigilant with any emails you receive into your inbox, as these may be scams.

Here’s what else you can do to make yourself safer:

• Change your password and security questions for your online accounts. You should change passwords often and never use the same one twice.
• Monitor your account for any suspicious or unexpected activity.
• Be very wary of any emails purporting to come from Yahoo, particularly if they prompt you to click any links, download any attachments or give out any personal information.
• Be wary of anyone calling asking for personal information, bank details or passwords. If in doubt, just hang up.
• Contact your bank/credit card company, so that they can monitor for suspicious activity on your account.
• Watch out for signs of identity crime. Visit Experian, Equifax or Noddle to check your credit rating to make sure no one has applied for credit in your name.
• For online safety advice visit Get Safe Onlne and Cyberstreewise.
• If you have fallen victim to fraud, report it to Action Fraud and get a police crime reference number.
• Yahoo is also asking users to consider using Yahoo Account Key, a simple authentication tool that eliminates the need to use a password altogether.

For more information about our work, please visit www.safeinwarwickshire.com/cybercrime

Be Cyber Streetwise is a cross-government campaign, funded by the National Cyber Security Programme. They aim to measurably and significantly improve the online safety behaviour and confidence of consumers and small businesses (SMEs).

Get Safe Online is the UK’s leading source of factual and easy-to-understand information on online safety. Their website offers advice on how you can protect yourself, your computers and devices, and your business against the likes of fraud, identity theft, viruses and other potential online problems.