Yahoo just confirmed that “information associated with at least 500 million user accounts (about half of the platform’s user base) was stolen” from the company in 2014, including “names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers.” In plain English: If you have a Yahoo account, now is the time to change your password and notch up your security settings.
There’s a good chance that none of your information was exposed in the hack, but it’s best-security practice to change your password anyway — better safe than sorry. Yahoo agrees: Per a company statement this afternoon, Yahoo is recommending all users change their passwords. (Particularly looking at you here, Yahoo users who haven’t changed your passwords since 2014.)
Even if you don’t have Yahoo email, you may have a Yahoo account. Used Flickr in the last few years? Or drafted a Yahoo fantasy-football team? Then, yes, you have a Yahoo account. (Yahoo-owned Tumblr operates independently, but for safety’s sake you should update your information there, too.)
To do this:
1) Log into your Yahoo account and click your username in the upper right-hand corner.
2) Next, click “Account info.”
3) Then, on the left side of the screen, click “Account security.” From there, click “Change password” and follow the instructions. (Also, while you’re dealing with security features, go ahead and toggle on two-step verification.)
Yahoo now uses alternative verification methods (cell-phone numbers, alternate emails), so make sure those are up-to-date in case you ever get locked out of your account.
Finally, think about all your other passwords. Are any of them the same, or similar to, your old Yahoo password? Yes? Change those passwords too. And because life can never be easy: Are you using the same security questions at other websites as you were at Yahoo? Yahoo no longer uses security questions for password recovery, so you don’t need to change them there, but if you used identical questions and answers elsewhere on the web, you should change them.